I think we should split this out into different issues:
1) Do we need a delegation mechanism?
   1a) What should the delegation semantics be?
2) What pointer mechanism should we use?
   2a) What are the properties of NS records AS DEPLOYED
   2b) What are the properties of CNAME records AS DEPLOYED
   2c) What are the properties of PTR records AS DEPLOYED
   2d) What are the penalties for defining a new record?
3) What are the deployment constraints?

On question 2b:

To answer Jim's question about CNAME support, I would be surprised if any DNS proxy did not support transport of CNAME records which were defined in 1035. I would expect the vast majority of DNS servers to support publication of them as well, they are pretty basic to the functioning of DNS.

What my concern would be is what the effect of using them in this way would be. In particular what is the effect of wildcard CNAME records? A lot of zones already have those in place.

So what happens if I have outsourced all my Web hosting to Lieberhost.com by declaring:

    *.example.com     CNAME  www69.lieberhost.com
    mail.example.com  A      10.0.0.0
    example.com       MX     1 1 mail.example.com

Oops, I have just delegated signing authority for my outgoing emails even though my MX record config clearly shows that I did not intend to do that.

So I conclude that CNAME would be a bad choice as existing records are likely to bite you.

I suggested using PTR records in the policy case because they are widely supported but have no predefined semantics that are likely to be trodden on.

I think the answer here is to look more closely at the delegation semantics.
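
An added example, not part of the original message: a minimal model of DNS wildcard synthesis (RFC 1034 section 4.3.3, clarified by RFC 4592) run over the three records above, showing which lookups the wildcard CNAME answers. The query names under `_domainkey` are constructed for illustration; the message does not say which name a verifier would look up.

```python
# Added illustration: wildcard synthesis over the zone quoted in the message.
ZONE = {  # owner name -> {rtype: rdata}; rdata is treated as opaque text
    "*.example.com": {"CNAME": "www69.lieberhost.com"},
    "mail.example.com": {"A": "10.0.0.0"},
    "example.com": {"MX": "1 1 mail.example.com"},
}

def ancestors(name):
    """Yield name and each parent, longest first: a.b.c -> a.b.c, b.c, c."""
    labels = name.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def existing_nodes(zone):
    """Every owner name plus its ancestors (empty non-terminals exist too)."""
    return {a for owner in zone for a in ancestors(owner)}

def resolve(zone, qname, qtype):
    """Return (status, owner_used, rdata) for a query answered from this zone."""
    qname = qname.lower().rstrip(".")
    nodes = existing_nodes(zone)
    if qname in nodes:
        owner = qname  # an existing name is never covered by a wildcard
    else:
        # Closest encloser: the longest ancestor of qname that exists.
        encloser = next((a for a in ancestors(qname) if a in nodes), None)
        owner = "*." + encloser if encloser else None
        if owner not in zone:
            return ("NXDOMAIN", None, None)
    rrset = zone.get(owner, {})
    if qtype in rrset:
        return ("ANSWER", owner, rrset[qtype])
    if "CNAME" in rrset:
        return ("CNAME", owner, rrset["CNAME"])  # resolver follows the alias
    return ("NODATA", owner, None)

def captured_by_wildcard_cname(zone, qnames, qtype="TXT"):
    """Audit helper: which of these lookups get aliased via a wildcard CNAME?"""
    hits = []
    for q in qnames:
        status, owner, target = resolve(zone, q, qtype)
        if status == "CNAME" and owner.startswith("*."):
            hits.append((q, target))
    return hits

if __name__ == "__main__":
    names = ["sel1._domainkey.example.com",        # constructed query names
             "sel1._domainkey.mail.example.com", "example.com"]
    for q, target in captured_by_wildcard_cname(ZONE, names):
        print(f"{q} is aliased to {target}")
```

Only the first name is captured: the wildcard matches any number of labels below `example.com`, but it does not apply at or below names that already exist in the zone, such as `mail.example.com` and the apex.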
