Scott Kitterman wrote:
>Thanks,
>
>But wouldn't Jim's suggestion of pre-creating extra CNAMES allow for key
>management by the operator?
>
>Keeping in mind that we are focused on small domains that don't have the
>ability to do subdomain NS delegation, do you think that for small scale the
>approach would be reasonably useful?
Michael Thomas:
> That assumes you know what the operator will name the new selectors -- that
> seems a bit problematic in the large, but for some situations might be
> ok. I didn't even realize the Jim was using CNAME's for his selectors...
For long-term applications, the need to pre-create selector2006/2007/etc.
is an inconvenience. For short-term applications, however, a CNAME
may have more benefits. It allows a site maintain control over what
names are delegated. With delegation of an entire DNS subtree there
is less control over the delegated name space.
Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
