On Aug 28, 2006, at 2:48 PM, Wietse Venema wrote:

Michael Thomas:
That assumes you know what the operator will name the new
selectors -- that seems a bit problematic in the large, but for
some situations might be ok. I didn't even realize that Jim was
using CNAMEs for his selectors...

For long-term applications, the need to pre-create
selector2006/2007/etc. is an inconvenience. For short-term
applications, however, a CNAME may have more benefits. It allows a
site to maintain control over what names are delegated. With
delegation of an entire DNS subtree there is less control over the
delegated name space.

A CNAME outside DNS also comes at the expense of adding a DNS
transaction and a point of failure. A CNAME transcription error used
at some point in the future may take a while to resolve when it does
become a problem. This may be difficult to resolve when the CNAME
appears to point to a valid key. Scaling may create namespace
densities where such errors are not always apparent and could be
induced by either the provider or the domain owner. It is not as
simple as put these CNAMEs "here" pointing "there"; the g=, s=, t=
and TTL are also details a domain owner may wish to be able to alter.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
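
Added example, not part of the original message or of any DKIM implementation: an offline audit of pre-created selector CNAMEs that counts the extra lookup each one adds and separates a dangling target from a transcription error that still lands on a valid key. The zone contents, the selector names and the `INTENDED` inventory are constructed assumptions.

```python
# Constructed zone data, not real records: owner name -> (type, value).
ZONE = {
    "sel2006._domainkey.example.com": ("CNAME", "sel2006._domainkey.provider.example"),
    # Transcription error: 2007 points at the 2006 key, which is still a valid key.
    "sel2007._domainkey.example.com": ("CNAME", "sel2006._domainkey.provider.example"),
    # Pre-created selector whose target the provider has not published.
    "sel2008._domainkey.example.com": ("CNAME", "sel2008._domainkey.provider.example"),
    "sel2006._domainkey.provider.example": ("TXT", "v=DKIM1; g=*; s=email; t=y; p=QUJD"),
    "sel2007._domainkey.provider.example": ("TXT", "v=DKIM1; s=email; p=REVG"),
}
# Hypothetical inventory of where the domain owner meant each selector to point.
INTENDED = {
    "sel2006._domainkey.example.com": "sel2006._domainkey.provider.example",
    "sel2007._domainkey.example.com": "sel2007._domainkey.provider.example",
    "sel2008._domainkey.example.com": "sel2008._domainkey.provider.example",
}

def resolve(name, zone, max_hops=8):
    """Follow CNAMEs; return (key record text or None, list of names visited)."""
    chain = [name.lower().rstrip(".")]
    for _ in range(max_hops):
        rec = zone.get(chain[-1])
        if rec is None:
            return None, chain          # target does not exist
        rtype, value = rec
        if rtype == "TXT":
            return value, chain
        chain.append(value.lower().rstrip("."))
    return None, chain                  # CNAME loop or chain too long

def key_tags(txt):
    """Return the g=, s= and t= tags of a key record; they are set at the CNAME target."""
    tags = dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
    return {k: tags[k] for k in ("g", "s", "t") if k in tags}

def audit(zone, intended):
    """Map each selector to (status, extra lookups via CNAME, tags of the key reached)."""
    report = {}
    for name, want in intended.items():
        txt, chain = resolve(name, zone)
        if txt is None:
            status = "dangling"
        elif chain[-1] != want:
            status = "wrong-target"     # a plain lookup succeeds; only the inventory catches it
        else:
            status = "ok"
        report[name] = (status, len(chain) - 1, key_tags(txt or ""))
    return report

if __name__ == "__main__":
    for name, result in audit(ZONE, INTENDED).items():
        print(name, result)
```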