One of the major reasons I've been promoting the idea of the third party authorized list/DSD is to allow smaller domains that do not have the ability to do subdomain NS delegation to get the effective benefit of first party signing. So, when I saw this:
On Saturday 26 August 2006 23:16, Wietse Venema wrote: > (*) This is possible even when the signer is in a different domain. > All they need is the private key that matches the public key > in the d= DNS record. That record can, but does not have to, > be CNAME delegated to the signer's DNS. I was interested. Is a CNAME a reasonable alternative to the subdomain NS delegation approach that's been described previously? I don't recall this being mentioned before. It makes sense to me, but I certainly hadn't thought of it. If this is viable, it changes, somewhat, my perspective on the significance of the requirement that we've stopped discussing for now. Scott K _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
