ietf-dkim

Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision

2006-08-23 08:15:58


Wietse Venema wrote:
> There is no need for the signing party to acquire a secret key
> from the author party. To delegate signing from example.com
> to isp.com, with d=example.com as a first-party signature:

There is an administrative choice, here.  One can delegate a zone or delegate a
private key.  The former is more simple, for on-going administration, but it
leaves less control in the hands of the domain owner.

If the zone is delegated, then the owner does not get to set the TTL for the
signing domain name.  If the owner needs to revoke the sub-domain zone, the TTL
might be quite long, before everyone's cache for it flushes.

d/
-- 

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net