[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Mark Delany
> On Tue, Feb 07, 2006 at 08:06:10PM -0800, Hallam-Baker, Phillip allegedly wrote:
> > Might make sense in a policy record,
>
> You mean as a domain-level root for per-user keys? An
> interesting thought.

But one that I think would still have to be backed in practice by
relevant certificate extensions.

> The other issue with many of these "alternative" key storage
> specs is that they just store keys. Adding all the Selector
> goop into these would be a bit of a convolution and possibly
> an unwelcome one by the original authors.

Absolutely.

There is quite a difference between using the raw lookup protocols
described in 4386/4387 and XKMS where you have the ability to use the
UseKeyWith element to add semantics to the keying material.

On the other hand running the system from the key record as I proposed
does work fine without the contortions.

Oh and in case people think this is NIH special pleading, I am the
co-author of the 4386 RFC that deals with LDAP. That draft originally
covered HTTP as well in a half-baked fashion until Peter decided it
needed a more comprehensive treatment and wrote it up.

So yes, we are aware of these drafts, no they do not substantially
change anything.