ietf-dkim

RE: [ietf-dkim] Revisiting the charter (focus on objectives)

2005-09-06 10:17:52

And two minor comments on the architecture...

Architecture:

The DKIM working group will produce standards-track specifications
that describe authentication of message headers using public-key
signatures.

s/message headers/email messages, including selected headers,/

A key distribution mechanism will be described employing a key centric
architecture employing domain names as identifiers.

Please clarify... `key centric`? and avoid double use of `employing`...

Key-centric PKI is a term coined by (I think) Brian LaMacchia to
distinguish the PGP Key server and XKMS style of PKI from Loren
Kohnfelder's certificate-based approach. I think he coined the term
while at MIT and was working on the key server there.

The distinction is that in the Kohnfelder architecture the PKI is a
means of distributing certificates, it's all about the certificates,
every request is of the form 'give me a certificate that looks like
this' or 'is this certificate valid for that'.

In the key-centric model the requests are all focused on the key,
certificates if present are merely transport. The basic XKMS locate
query is 'what is the key I need to talk PGP to fred@example.com'.

The DKIM PKI is very definitely in the XKMS key-centric model.

_______________________________________________
ietf-dkim mailing list
http://dkim.org