ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Certifying the DKIM public key?

2011-05-22 16:31:29
from [J.D. Falk] [Permanent Link] 
On May 22, 2011, at 12:27 PM, John R. Levine wrote:


It occurs to me that since mail certification is likely to make assertions 
about behavior as well as identity, the SSL model in which certs last for 
a year won't work, since behavior can change rapidly.  Either the 
certifier has to issue a stream of short-term certs to everyone it 
certifies, or the verifiers have to check CRLs, which is tedious.  By the 
time you do all that, a DNS check, even one with DNSSEC, looks pretty 
attractive.


That's how it works at the IP level today.

--
J.D. Falk
the leading purveyor of industry counter-rhetoric solutions

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] 8bit downgrades, Hector Santos
Next by Date:  Re: [ietf-dkim] Last Call: <draft-ietf-dkim-mailinglists-10.txt> (DKIM And Mailing Lists) to BCP, ned+ietf
Previous by Thread:  Re: [ietf-dkim] Certifying the DKIM public key?, Hector Santos
Next by Thread:  Re: [ietf-dkim] Certifying the DKIM public key?, Douglas Otis
Indexes:  [Date] [Thread] [Top] [All Lists]