From: John Levine
Sent: Thursday, September 23, 2004 3:51 PM

I think we all agree that the goal is to define or create a scheme in
which senders can put signatures on mail messages and recipients can
verify them. The recipients need some way to fetch the verification
key. Do all the schemes use DNS for that, or are there others?

The SES scheme uses a custom UDP service or DNS to do signature
verification. So there are mechanisms outside DNS, but more importantly,
this scheme has the sender validating the signature instead of the
recipient. It shouldn't be a problem for one syntax to allow signature
validation to occur in a variety of ways. In some cases, the request for
external validation _is_ a DNS request.