--- Thomas Roessler <tlr(_at_)w3(_dot_)org> wrote:

> On 2005-07-25 17:13:27 -0700, Hallam-Baker, Phillip wrote:
>
> > The true choices here are threefold:
> >
> > 1) Only use DNS based keying
> > 2) Design a completely new non-DNS based keying mechanism from scratch
> > 3) Support the use of existing non-DNS keying mechanisms that are
> > approved standards
>
> I agree.
>
> (As I said before, I don't think the charter should a priori exclude
> non-DNS mechanisms for key storage and retrieval. I'm fine, though,
> with leaving the design of entirely new mechanisms out of scope.)

I know it's not an issue for everyone, but if a relatively heavy-weight key or
policy fetching mechanism, such as HTTP or HTTPS, becomes required, then it has
a substantial infrastructure impact on large inbound mail sites - especially
if the policy lookup is required subsequent to a failed or non-existent
signature, which will be the common case for quite some time.

Having an optional accreditation mechanism that uses a heavy-weight protocol is
more tolerable.

Mark.