william(at)elan.net:
On Wed, 30 Aug 2006, Wietse Venema wrote:
william(at)elan.net:
On Wed, 30 Aug 2006, Dave Crocker wrote:
John Levine wrote:
If I understand your position, you are positing that someone will pay
between $20 and $50/mo for Internet access, probably some extra amount
per month for a DKIM-capable mail service, but they use a crummy DNS
service where they don't know how to put in NS records,
And... Even if this scenario is correct, it does not warrant adding an
entire layer of security mechanism into DKIM.
Not "into" - on-top of or as supplement. And for specific type of
email identity security protection.
This would be a required component for all DKIM signature verifiers,
because there is no point building verifiers that can't verify all
valid signatures.
A policy described in separate record and use of which is described
in separate document RFC is a required component for those who only
want to do base verifier? Who said that?
This thread was about the delegation of the DKIM signing operation
including the delegation of DKIM public key information. Whatever
delegation methods are used (DNS or other), they would have to be
built into DKIM verifiers.
This is different from a third-party DKIM scenario with a policy
that says "domain X signs all mail from domain Y". That is not
delegation in the sense of the previous paragraph, and that does
not affect verifiers.
Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html