Doug,

Douglas Otis wrote:
> The revocation record would be self-published within their domain in
> the same fashion as the keys. If the task of publishing the revocation
> records proves too burdensome, they could delegate the revocation zone
> to a provider ...

So you need a different mechanism to distribute those
revocation lists to the provider when they're too
big/quickly changing for me to manage in my own
domain. Is that what you mean?
If so, which protocol is used for that?
If that's an intrinsic part of your opaque-identifier scheme,
then it'd have to be specified at the same time or else we'd
have an unacceptable scaling issue, right?
Please make the answers as short as the questions, e.g. if the
answer is "TBD" then that's enough information for now:-)
Stephen.
_______________________________________________
ietf-dkim mailing list
http://dkim.org