Paul Hoffman wrote:
At 12:44 PM -0700 7/5/06, Douglas Otis wrote:
DKIM generally represents a domain wide entity. A trusted third
party (TTP) establishes trust between two parties when both trust the
third party. For DKIM, the TTP would be the signing domain verified
by DNS.
This is completely wrong, and goes against nearly everything that this
WG has been working on. The signing domain is *not* trusted.
Does anyone other than Doug think that it is?
We have talked about the concept of third-party signatures, although
this concept is really developed in the SSP draft, which hasn't come up
yet. But DKIM does not in general depend on a trusted third party to
function, except possibly for DNS.
Doug does have a point though. He says, "...nor does DNS represent a
discrete entity or party." Describing DNS as a "party" to this protocol
is probably a stretch.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html