Hallam-Baker, Phillip wrote:
Are we going to specifically disallow fred the ability to
sign for ceo(_at_)example(_dot_)com by policy or say that fred can only
sign for marketing(_at_)example(_dot_)com?
Regards,
Damon Sauer
The principle of least privillege would argue for the second.
Is there some reason we don't use the delegation mechanism in -base to
accomplish this? Presumably Example Corporation has the ability to
publish delegated key records for itself.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html