ietf-dkim

Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision

2006-08-18 11:58:40
Dave Crocker wrote:

> In other words, I suggested that use of classic DNS sub-domains provides the
> delegation features that cover the interesting cases for DKIM.
>
> I continue to be unclear what is superior about having SSP invent a new
> mechanism that creates security problems and additional administrative overhead.

Naively, I think there are some cases where the NS delegation mechanism leaves something to be desired and hence the desire to have a more passive arrangement between the domain holder and the signer. What I think we're finding is that there's no free lunch and that the seemingly desirable passive mode suffers from unacceptable security problems. If it turns out that the passive mode of delegation is in fact active after all (i.e., requires agreement between domain holder/signer), then the requirement should be dropped since you're exactly right: we already have a means to do that.

I think we're pretty much there, IMO. I'll let Stephen and Barry call that though.

      Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html