Dave Crocker wrote:
Wietse Venema wrote:
> There is no need for the signing party to acquire a secret key
from the author party. To delegate signing from example.com
to isp.com, with d=example.com as a first-party signature:
There is an administrative choice, here. One can delegate a zone or delegate a
private key. The former is more simple, for on-going administrative, but it
leaves less control in the hands of the domain owner.
Just to be absolutely pedantic here, it's better to *enroll* the public
key vs.
delegating a private key. That said, I agree with what Dave says here.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html