ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision

2006-08-23 18:47:54


Sure, but my worry is that we define SSP so that we push people
to delegate keys (as opposed to signing) and then get (properly)
criticised for not supplying the required key management. 


Whether to delegate DNS administration of a name that is used for signing, or
merely to delegate a private key that is used for that name, is a matter of
administrative choice by the owner of the domain.

In other words,

1) I can keep all the DNS administration, including for the sub-domain and
including key generation and publishing; so I merely tell the outside service
what domain name to use and what private key to use; or

2) I can register a DNS NS record for the sub-domain and let the outside service
do all the key and related DNS work themselves.

There is nothing that we are doing that dictates or even suggests which choice
to make.  Nor, I believe, should there be.

As for getting "(properly) criticised for not supplying the required key
management", I have no idea what you mean.


d/
-- 

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>