On Thu, 22 Dec 2005, Barry Leiba wrote:
Actually, the DKIM base spec does provide a mechanism for replacing the
DNS keystore with something else. Look at 1.4 for a general statement,
and the description of the "q=" tag in 3.5. DKIM's intended to be able
to support user-level keys in a future version (there's some discussion
of that in appendix A), and its design is set up specifically not to
prevent that.
The spec basicly says that you must support DNS public key distribution
and authorization; that something else may also be added later will not
change requirement for pki in dns and will only be usefull for those
who can support it as alternative way to retrieve the key (which means
the key would still need to be made available through dns for those who
do not).
It is really no brainer to see that if we have several authorization
meachanisms a set of them would have to be done as a required for those
creating implementation in order for them to be used and that means
working on all that as part of the main work on the system and
releasing together with other documents on the signature system.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf