ietf-dkim

Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision

2006-08-23 05:17:24
Douglas Otis:
If an ISP were using the key/location provided to them from various  
customers, there would be an identical process need.  The assigned  
keys however now include a need to acquire these keys rather than  
simply creating them.  In addition, there would be a separate key/ 
domain needed for each customer rather than a common key/domain for  
non-validated 2822.From sources and one for validated 2822.From sources.

There is no need for the signing party to acquire a secret key
from the author party. To delegate signing from example.com
to isp.com, with d=example.com as a first-party signature:

author zone:
    selector.example.com. IN CNAME example.com-selector.isp.com.

signer zone:
    example.com-selector.isp.com. IN TXT keystuff....

The CNAME record is sufficient to delegate both the private
key and the secret key to the signing party.

        Wietse
    
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
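The lookup path Wietse sketches, worked through as an added example (this is not code from the thread or from any DKIM implementation): a verifier reading s= and d= from a DKIM-Signature header queries the author's zone, follows the CNAME into the signer's zone, and parses the key record it finds there. The zone data, the selector names and the truncated p= value are constructed for the example; the record names use the `_domainkey` label that RFC 4871 puts between selector and domain, which the message above abbreviates away. The point it makes concrete is that example.com's zone holds no key material at all, so nothing secret has to travel from author to ISP, and the signature still carries d=example.com.

```python
"""Simulated DKIM key lookup for a selector delegated via CNAME.

All zone data below is constructed for this example. Real DKIM key records
live at <selector>._domainkey.<domain> (RFC 4871 section 3.6.2.1); the
message above abbreviates that to selector.example.com.
"""
from typing import Dict, List, Tuple

# Hypothetical zones keyed by (owner name, record type).
ZONES: Dict[Tuple[str, str], List[str]] = {
    # author zone: only a CNAME, no public or private key material
    ("selector._domainkey.example.com.", "CNAME"):
        ["example.com-selector._domainkey.isp.com."],
    ("old._domainkey.example.com.", "CNAME"):
        ["example.com-old._domainkey.isp.com."],
    # signer zone: the public halves of key pairs the ISP generated itself
    ("example.com-selector._domainkey.isp.com.", "TXT"):
        ["v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ...placeholder"],
    # an empty p= tag is how RFC 4871 says a key has been revoked
    ("example.com-old._domainkey.isp.com.", "TXT"):
        ["v=DKIM1; k=rsa; p="],
}

MAX_CNAME_HOPS = 8  # bound the chase so a misconfigured zone cannot loop us


def resolve(name: str, rtype: str, zones=ZONES) -> Tuple[str, List[str]]:
    """Return (canonical owner name, rdata) for name/rtype, following CNAMEs.

    A CNAME at a name replaces the whole query, exactly as a resolver does,
    so the TXT record is read from the signer's zone, not the author's.
    """
    seen = set()
    for _ in range(MAX_CNAME_HOPS):
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        target = zones.get((name, "CNAME"))
        if target:
            name = target[0]
            continue
        return name, zones.get((name, rtype), [])
    raise ValueError(f"more than {MAX_CNAME_HOPS} CNAME hops from {name}")


def parse_dkim_key(txt: str) -> Dict[str, str]:
    """Parse the tag=value list of a DKIM key record into a dict."""
    tags: Dict[str, str] = {}
    for field in txt.split(";"):
        field = field.strip()
        if not field:
            continue  # trailing or doubled separator
        if "=" not in field:
            raise ValueError(f"malformed tag in key record: {field!r}")
        tag, value = field.split("=", 1)
        tags[tag.strip()] = value.strip()
    # v= is optional but, if present, must be DKIM1
    if tags.get("v", "DKIM1") != "DKIM1":
        raise ValueError("unsupported key record version")
    if "p" not in tags:
        raise ValueError("key record has no p= tag")
    return tags


def key_is_revoked(tags: Dict[str, str]) -> bool:
    """An empty p= value means the key is revoked and must not verify."""
    return tags["p"] == ""


def fetch_dkim_key(selector: str, domain: str, zones=ZONES) -> Tuple[str, Dict[str, str]]:
    """What a verifier does with s=<selector> and d=<domain> from the header."""
    query = f"{selector}._domainkey.{domain}."
    owner, rdata = resolve(query, "TXT", zones)
    if not rdata:
        raise LookupError(f"no DKIM key record at {query}")
    return owner, parse_dkim_key(rdata[0])


if __name__ == "__main__":
    owner, key = fetch_dkim_key("selector", "example.com")
    print("d=example.com key served from:", owner)
    print("algorithm:", key["k"], "revoked:", key_is_revoked(key))
    _, old = fetch_dkim_key("old", "example.com")
    print("old selector revoked:", key_is_revoked(old))
```

Two operational consequences follow from the structure and are worth checking in a real deployment: the author keeps control, because deleting the CNAME in example.com's zone withdraws the delegation without touching isp.com, and the signer can rotate or revoke its own keys (publish a new record, or an empty p=) without any change on the author's side. A verifier must also bound the CNAME chase, as the resolver above does, since a stray loop between two zones would otherwise hang the lookup.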