--On mandag, september 12, 2005 12:28:54 +0000 Charles Lindsey
<chl@xxxxxxxxxxxxxxxx> wrote:
Yes, but that does not go as far as Forrest was suggesting. RFC 2486 makes
it clear that if you want to use foo.bar.example.com as an NAI realm, then
it had better resolve to _something_ in the DNS (though maybe a mere TXT
record would suffice).
No, it explicitly does not.
I did not quote all of RFC 2486, but the document makes it very clear that
there is NO requirement for *anything* to be at this point in the DNS.
The requirement for using foo.bar.example.com as a NAI is that you have a
"right to use" the name foo.bar.example.com in the DNS.
This can be an agreement with the bar.example.com administrator, or an
agreement with the example.com administrator (if bar isn't administered
separately) - there's no need for anything in the DNS.