Steve Atkins wrote: > On Jun 16, 2009, at 2:35 PM, Michael Thomas wrote: >> >> 1) People saying that d= is THE IDENTIFIER are overloading the >> value: d= a routing >> label to a particular DNS subtree. Whether it has anything to do >> with THE >> IDENTIFIER is purely coincidental. The assumption that these two >> functions are >> identical is bogus. i= was supposed to be this stable value >> detached from the >> mechanical DNS routing function. > > Are you confusing the d= value and the DNS node (including selectors and > suchlike) that the public key lives at?
No. d= is just the locater to that node. > The d= value has been the persistent identifier for the signer since > day one, > while the i= value is a more specific value that the signer can > optionally use. No, it's the other way around. i= *always* has a value, even if it's not present; it's not "optional" in the way you're using the word. > Given that the RHS of i= is either identical or a subdomain of d= it's > nonsensical > to consider i= more stable than d=, as i= must change if d= does. I never said anything about "stability". I said that the two aren't same. i= can be something like mojave.skunkworks.megacorp.com where d= is just megacorp.com, because it's impossible at megacorp.com to implement DNS subdomains. This isn't about stability, it's about having identifiers that match the *mail identity* infrastructure that you'd like to implement. That shouldn't be constrained by the accident of routing to the selectors of whatever DNS infrastructure megacorp.com is stuck with. Mike _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html