On May 22, 2011, at 12:27 PM, John R. Levine wrote:
It occurs to me that since mail certification is likely to make assertions
about behavior as well as identity, the SSL model in which certs last for
a year won't work, since behavior can change rapidly. Either the
certifier has to issue a stream of short-term certs to everyone it
certifies, or the verifiers have to check CRLs, which is tedious. By the
time you do all that, a DNS check, even one with DNSSEC, looks pretty
attractive.
That's how it works at the IP level today.
--
J.D. Falk
the leading purveyor of industry counter-rhetoric solutions
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html