Charles,
On 1/13/11 11:41 AM, Charles Lindsey wrote:
> The question of making the public key available is entirely orthogonal to
> that core protocol. The DSN mechanism is fine for some applications,
> especially where the lifetime of the signature is at most a few weeks. But
> other means of publicising (and especially of authenticating) public keys
> are also in widespread current use and there is nothing in the core
> protocol that would prevent their use in other applications where they
> were more suitable.
>
> So DOSETA should provide for multiple plug-in key storage mechanisms in
> just the same way as it provides for multiple plug-in canonicalizations.
> By all means include the current DNS method as plug-in-key-management #1.

While perhaps this is an entertaining idea (I was particularly
entertained since it seems to take my notion of generalization far
beyond where I might have taken it), absent an application I have a
difficult time supporting it. And even if you had an application, I
would be initially disinclined to go this far, simply because
generalization comes with the cost of a loss of specific optimization and
often some amount of (sometimes substantial) overhead. Further, we
don't really get a good view of what to generalize without substantial
operational experience with disparate use cases.
Eliot