ietf-asrg

Re: [Asrg] 6. Proposals - DNS + PKI - Yahoo's "Domain Keys"

2003-12-08 09:43:33
At 07:49 AM 12/8/2003, Derek J. Balling wrote:

On Dec 7, 2003, at 6:04 PM, Mark Baugher wrote:
If DK means that each sender signs the message, then you have two choices. One is to have a domain-wide private key, in which case it must change regularly, as spammers will quickly obtain it.

I don't know why you would assume this.

If I am $BIGCORP with $BIGNUM of employees, there's going to be less-than-honorable employees, there's going to be disgruntled ex-employees. If the sender signs their own message then your company's keys WILL get out into the wild.

I assumed that the MTA would have the private key and sign; not that the mail operator would hand out a *copy* of a public/private keypair to each sender. I have never heard of such a thing. Sorry that I missed that aspect of the Yahoo proposal; where did they say that?

Mark





_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


