Douglas Otis:
> If an ISP were using the key/location provided to them from various
> customers, there would be an identical process need. The assigned
> keys however now include a need to acquire these keys rather than
> simply creating them. In addition, there would be a separate key/
> domain needed for each customer rather than a common key/domain for
> non-validated 2822.From sources and one for validated 2822.From sources.

There is no need for the signing party to acquire a secret key
from the author party. To delegate signing from example.com
to isp.com, with d=example.com as a first-party signature:

author zone:
    selector.example.com. IN CNAME example.com-selector.isp.com.

signer zone:
    example.com-selector.isp.com. IN TXT keystuff....

The CNAME record is sufficient to delegate both the private
key and the secret key to the signing party.

Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
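
The CNAME delegation described in the reply above, modelled as an added example (not part of the original message or of any DKIM implementation). It uses the record names from the message; the TXT values, the hop limit and the function names are constructed for illustration. It shows the lookup a verifier would make, a key change made only in the signer zone, and the author zone withdrawing the delegation by removing the CNAME.

```python
# Constructed zone data using the record names from the message above.
# TXT values are placeholders, not real keys.
AUTHOR_ZONE = {
    "selector.example.com.": ("CNAME", "example.com-selector.isp.com."),
}
SIGNER_ZONE = {
    "example.com-selector.isp.com.": ("TXT", "v=DKIM1; p=PLACEHOLDER_KEY_A"),
}

MAX_CNAME_HOPS = 8  # assumption: small bound so a bad chain cannot loop forever


def resolve_key_record(name, *zones):
    """Follow CNAMEs across the given zones; return (owner, txt) or None."""
    records = {}
    for zone in zones:
        records.update(zone)
    seen = set()
    for _ in range(MAX_CNAME_HOPS + 1):
        key = name.lower()
        if key in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(key)
        rr = records.get(key)
        if rr is None:
            return None  # no record: the verifier finds no key
        rtype, value = rr
        if rtype == "TXT":
            return key, value  # key record, published by whoever owns 'key'
        name = value  # CNAME: continue at the target name
    raise ValueError("CNAME chain too long")


def demo():
    query = "selector.example.com."
    delegated = resolve_key_record(query, AUTHOR_ZONE, SIGNER_ZONE)
    # Signer replaces its key; the author zone is untouched.
    rotated_zone = dict(SIGNER_ZONE)
    rotated_zone["example.com-selector.isp.com."] = ("TXT", "v=DKIM1; p=PLACEHOLDER_KEY_B")
    rotated = resolve_key_record(query, AUTHOR_ZONE, rotated_zone)
    # Author removes the CNAME; the signer's record is no longer reachable.
    revoked = resolve_key_record(query, {}, SIGNER_ZONE)
    return delegated, rotated, revoked


if __name__ == "__main__":
    for label, result in zip(("delegated", "rotated", "revoked"), demo()):
        print(label, result)
```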