On Jul 11, 2006, at 3:20 PM, EKR wrote:
> Hmm... I don't read it that way. The beginning of 5.4 says:
>
>    Unlike all four previous IETF email security initiatives, DKIM
>    employs a key centric, directory based PKI as opposed to a
>    certificate based PKI in the style of Kohnfelder (X.509) or
>    Zimmerman (web of trust).
>
> Which seems to suggest that X.509 isn't directory-based. But as I
> noted, the original design certainly was....

There are likely those who will argue DNS does not offer a directory
either, but rather a label tree. A major difference between these
services is how registration is handled. The nature of DNS
registration allows name acquisition without accountability. The
concept of a trust service should encompass both publishing _and_
registration. Care should be taken not to diminish this sizable
distinction.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html