On Fri, 29 Sep 2006 10:17:36 +0100 Stephen Farrell <[EMAIL PROTECTED]> wrote:
>
>So - on the jabber chat we almost established a rough consensus
>not to include designation at this point.
>
>If no-one else speaks up either way, I reckon that that's the
>only resolution, i.e. we drop designation.
>

I have been experimenting over the last few days with the use of CNAME records as an alternative to NS delegation as suggested by Wietse Venema and seconded by Jim Fenton. I agree that is a viable alternative and so I withdraw my earlier assertion that this feature is needed to support deployability. I am not aware of any DNS providers that do not support CNAME.

IMO, this only leaves the question of where accountability for email should lie. Today, accountability is primarily with the provider based on IP address. The designated signer approach preserves this since messages will be signed by the operator's domain. First party signatures for the author's domain applied by an administratively separate MTA change that and push accountability to the author and away from the sender. This is, of course, the social engineering conundrum that Wietse Venema warned about a few weeks ago.

Personally, I think the designated signing approach is better aligned with current practice and has less social engineering risk, so I think that the requirement should remain.

That said, my primary concern was the issue of deployability and I think that's been adequately addressed without this requirement. I am mildly in favor of keeping it, but don't feel strongly about it.

Scott K

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
