Michael Thomas wrote:
Mark Delany wrote:
5. If the customer trusts you, they might supply a private key to
match a Selector so that you can sign the submissions on their
behalf.
It's easier than that. The customer merely needs to put a public
key that the esp's signer is using already into their selector,
and then the esp can sign as the customer's domain. This is yet
another manifestation of the "outsourced business" functionality.
Agreed.
Yet another option, even if you don't host the domain's DNS, they can
still delegate the _domainkey subdomain back to you. This gives you the
ability to sign messages on their behalf, and also take care of key
management (rollover, etc.) without any action on the domain's part.
-Jim
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html