On 30 Aug 2006 19:38:58 -0000 John Levine <[EMAIL PROTECTED]> wrote: >>That sounds to me like you are saying that DKIM first party signing is only >>for big domains. > >No, I'm saying that the anyone who wants to sign their mail with their >own domain can do so. If you want to delegate that to a service >bureau, we have working examples today of domains using NS delegation >to outsource their mail including DK signing. Even if you are too >cheap to use a DNS service that lets you put in NS records, your can >get much the same effect by having your mail service make up your >keys, send you CNAME or TXT records, and you cut and paste them into >your zone, not unlike the way that you help people to put in SPF >records. > OK. Sorry I was reading to much into what you wrote. I think that list of options does include choices that are suitable for nearly everyone.
I'm waiting for some time to seriously think about if I think it's adequate or if a policy mechansim is require too. I'm now undecided on the matter. >>"You're little, third party is good enough for you" is not the right answer. > >Actually, what I was saying is "you're little, your ISP's signature is >the one that matters." I host a bunch of little domains, and I expect >to sign all of their mail with my own somewhat better known domain. I >should be able to sign the mail of people who want with their own >domain, probably at modest extra cost, but I doubt many will ask. > Fair enough. As long as the mechanisms are in place to allow either approach in a reasonable way, I think that's a question the market can decide. >>At this point I'm not suggesting an alternative. My point is that NS >>subdomain delegation is not sufficient by itself. > >If I understand your position, you are positing that someone will pay >between $20 and $50/mo for Internet access, probably some extra amount >per month for a DKIM-capable mail service, but they use a crummy DNS >service where they don't know how to put in NS records, and the $2/mo >it would cost to switch to a DNS service that does support them is an >insurmountable barrier. Maybe I'm getting hard hearted in my old age, >but pleas of selective ineptness or selective poverty do not make a >compelling argument for anything. It's not a matter of money, but a matter of the complexity of dealing with an audience that the first step in the process is you have to explain what a DNS service IS and they have very limited time or interest in understanding. Scott K _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
