ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] DKIM charter update proposal

2009-10-03 21:06:40
I would like cox.com<http://cox.com/> to sign on behalf of a customer 
a.com<http://a.com/> to z.com<http://z.com/> so
a checker would lookup a.com<http://a.com/> and see that the 
cox.com<http://cox.com/> is the
authorized signer on behalf of z.com<http://z.com/>
On Oct 3, 2009, at 12:16 PM, Steve Atkins wrote:


On Oct 2, 2009, at 7:56 PM, 
<Bill(_dot_)Oxley(_at_)cox(_dot_)com<mailto:Bill(_dot_)Oxley(_at_)cox(_dot_)com>>
 
<Bill(_dot_)Oxley(_at_)cox(_dot_)com<mailto:Bill(_dot_)Oxley(_at_)cox(_dot_)com>>
wrote:

while I have enjoyed  participasting in this WG I would like to
discuss the ability of an ISP to sign on behalf  of an entity that we
provide all services for.

You can do that today, in several ways.

This has generated disinclination  in the
past but as a provider who has an expressed interest in providing 3rd
party signatures we need a set of rules/ideas that states I signed
this message on the behalf of 
foo.examplemy.client.com<http://foo.examplemy.client.com>. Otherwise DKIM
is interesting as an artifact but I ill will be signing soon my
residential emails but have no interest in signing my commercial folks
unless there is a benefit

If you have control over the DNS for 
foo.examplemy.client.com<http://foo.examplemy.client.com> then
you can sign mail with that token. If you don't have control over
it, but the owner of that wants you to sign on their behalf then
they can give you a private key for signing, or delegate a subtree
inside that space ( cox._domainkey.foo.examplemyclient.com)
to you, so you can handle the key management.

And you can sign the message twice, once as cox.com<http://cox.com>, once
as the customer domain, pretty cheaply.

Can you expand on what you'd like to be able to do that's different
from all those?

Cheers,
  Steve

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html