--On Friday, January 14, 2005 12:18 PM -0800 Douglas Otis
> This makes DNS the ideal place to store the keys and it scales well,
> since the "site" is known by its domain.

The point was not wanting to wait for a key to expire used by many
accounts. Such a key will likely be retained for more than a week to
ensure delivery of mail. A spammer could send themselves the various
spam they wish to distribute and, even if the account is closed, they
could send millions of copies of these messages from elsewhere and
receive confirmation until the expiration of the key. A spammer would
only need 50 accounts to continue their spamming for a year by abusing the
signature. Without being able to immediately respond to a problem,
defending the signature's reputation or seeing a benefit from the use of
a signature would be made difficult.

I don't believe we need key revocation in order to "reject" a message.
Assuming you don't want to reject a site, when the signature for the
submission hop verifies you could have an opaque user identifier. You
simply reject based on that.

It's not important what the actual user identifier is. What is important
is its characteristics, e.g., messages originating from the same location
have the same value.

Even if you want to reject a site, when the signature verifies you can do