On Wed, 12 Jan 2011 17:10:52 -0000, Dave CROCKER <dhc(_at_)dcrocker(_dot_)net> wrote:
This raises a specific and interesting technical point. I haven't seen a
response so far, so...
The core of this technology has keys that are named and accessed in terms of
domain names. It really is fundamental to this technical approach.
I don't see how that can be so.
The fundamental core of this technology is a mechanism for constructing a
hash covering a named selection of headers and a body, coupled with some
canonicalization rules, and incorporating that into a signature header
using some well-known algorithm such as rsa (but allowing for others).
The question of making the public key available is entirely orthogonal to
that core protocol. The DNS mechanism is fine for some applications,
especially where the lifetime of the signature is at most a few weeks. But
other means of publicising (and especially of authenticating) public keys
are also in widespread current use and there is nothing in the core
protocol that would prevent their use in other applications where they
were more suitable.
So DOSETA should provide for multiple plug-in key storage mechanisms in
just the same way as it provides for multiple plug-in canonicalizations.
By all means include the current DNS method as plug-in-key-management #1.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
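The separation argued for above, as an added illustration that is not from this thread, from DOSETA, or from any DKIM implementation: the hash-and-sign core takes a canonicalized header selection plus body hash, while key retrieval sits behind a KeyResolver interface with two interchangeable plug-ins. The type names, the relaxed-style canonicalization, the "bh=" framing and the in-memory record maps standing in for DNS TXT records are all assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"strings"
)

// KeyResolver is the plug-in point: map a (selector, domain) key name, as in
// DKIM's s=/d= tags, to a public key (nil if unknown), wherever it is stored.
type KeyResolver interface{ Lookup(selector, domain string) *rsa.PublicKey }
// DNSResolver is plug-in #1, the DNS method; Records is a constructed stand-in
// for the selector._domainkey.domain TXT records, not a live DNS query.
type DNSResolver struct{ Records map[string]*rsa.PublicKey }
func (r DNSResolver) Lookup(sel, dom string) *rsa.PublicKey { return r.Records[sel+"._domainkey."+dom] }
// LocalStore is a second plug-in: keys distributed out of band, for signatures
// that must stay verifiable long after the DNS record has been retired.
type LocalStore map[string]*rsa.PublicKey
func (s LocalStore) Lookup(sel, dom string) *rsa.PublicKey { return s[sel+"@"+dom] }

// canonicalize builds the signed input: the named headers in relaxed style
// (lower-cased names, whitespace collapsed) plus a hash of the body with
// trailing empty lines removed. Key storage plays no part in this step.
func canonicalize(hdrs map[string]string, names []string, body string) []byte {
	var b strings.Builder
	for _, n := range names {
		n = strings.ToLower(n)
		b.WriteString(n + ":" + strings.Join(strings.Fields(hdrs[n]), " ") + "\r\n")
	}
	b.WriteString(fmt.Sprintf("bh=%x", sha256.Sum256([]byte(strings.TrimRight(body, "\r\n")+"\r\n"))))
	return []byte(b.String())
}

// Sign hashes the canonical input and signs it (RSA PKCS#1 v1.5 with SHA-256).
func Sign(priv *rsa.PrivateKey, hdrs map[string]string, names []string, body string) ([]byte, error) {
	h := sha256.Sum256(canonicalize(hdrs, names, body))
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
}
// Verify fetches the key through whichever resolver it is handed, then checks
// the signature over the same canonical input; the core protocol is unchanged.
func Verify(r KeyResolver, sel, dom string, hdrs map[string]string, names []string, body string, sig []byte) error {
	pub := r.Lookup(sel, dom)
	if pub == nil {
		return fmt.Errorf("no public key for selector %q at domain %q", sel, dom)
	}
	h := sha256.Sum256(canonicalize(hdrs, names, body))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig)
}
```

Swapping the resolver changes where the key comes from and nothing else, which is the point: a verifier for long-lived signatures can be handed a LocalStore while ordinary mail keeps using DNS.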