I would prefer to avoid ending up with an SPF-like macro scheme, but I have no
objection if the identifier is specified in the message.
The ID is going to have to be in the signature scope.
-----Original Message-----
From: Andrew Newton [mailto:andy(_at_)hxr(_dot_)us]
Sent: Sunday, March 06, 2005 11:19 AM
To: Hallam-Baker, Phillip
Cc: mlibbeymail-mailsig(_at_)yahoo(_dot_)com; 'Douglas Otis'; MASS WG
Subject: Re: In response to Housley-mass-sec-review
On Mar 6, 2005, at 10:57 AM, Hallam-Baker, Phillip wrote:
Nah, why not just do a hierarchical query?
Base64(SHA1(messageID)).Base64(sha1(userID))._revocation.example.com
Standard DNS config can then be used to revoke the user or the individual message:
*.Base64(sha1(userID))._revocation.example.com TXT "status=revoked reason=spam"
I was thinking the same thing. Though it need not be codified in the
standard. The identifier just needs to conform to DNS label syntax, be
it one label or many. That way Yahoo can use this type of scheme and
smaller mail systems can use simpler schemes.
-andy
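The hierarchical revocation lookup sketched in the thread above, worked through as an added example; this is not code from either poster, and the zone contents, the message and user identifiers, the `_revocation.example.com` suffix and the `lookup`/`is_revoked` helpers are all constructed here for illustration. One assumption is labelled in the code: the thread says Base64(SHA1(x)), and this example uses the URL-safe Base64 alphabet with padding stripped so the label contains no `+`, `/` or `=`.

```python
import base64
import hashlib
from typing import Dict, Optional, Tuple

# Constructed suffix for this example, matching the thread's naming.
SUFFIX = "_revocation.example.com"


def label(value: str) -> str:
    """Hash a message-ID or user-ID into one DNS label.

    The thread says Base64(SHA1(x)). Standard Base64 emits '+', '/' and '='
    which are awkward in DNS names, so this example (an assumption, not the
    thread's choice) uses the URL-safe alphabet and drops the padding.
    SHA-1 is 20 bytes, so the label is 27 characters, well under the 63 limit.
    """
    digest = hashlib.sha1(value.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def query_name(message_id: str, user_id: str) -> str:
    """Build Base64(SHA1(messageID)).Base64(SHA1(userID))._revocation.example.com."""
    return f"{label(message_id)}.{label(user_id)}.{SUFFIX}"


def lookup(zone: Dict[str, str], name: str) -> Optional[str]:
    """Resolve `name` against an in-memory zone the way DNS wildcards behave
    for this scheme: an exact owner name wins, otherwise a '*' record one
    label up matches.  (Our query is always exactly one label below the
    per-user wildcard, so the single-label substitution is sufficient here.)"""
    if name in zone:
        return zone[name]
    labels = name.split(".")
    wildcard = ".".join(["*"] + labels[1:])
    return zone.get(wildcard)


def is_revoked(zone: Dict[str, str], message_id: str, user_id: str) -> Tuple[bool, Optional[str]]:
    """Return (revoked?, reason) for one message from one user."""
    record = lookup(zone, query_name(message_id, user_id))
    if record is None:
        return False, None
    # TXT payload in the thread's form: "status=revoked reason=spam"
    fields = dict(kv.split("=", 1) for kv in record.split())
    return fields.get("status") == "revoked", fields.get("reason")


# Constructed zone: one wildcard revoking every message from a user (the
# thread's example record), and one exact record revoking a single message.
ZONE = {
    "*." + label("spammer@example.com") + "." + SUFFIX: "status=revoked reason=spam",
    query_name("<msg-42@example.com>", "alice@example.com"): "status=revoked reason=forged",
}

if __name__ == "__main__":
    print(query_name("<msg-1@example.com>", "spammer@example.com"))
    print(is_revoked(ZONE, "<msg-1@example.com>", "spammer@example.com"))   # (True, 'spam')
    print(is_revoked(ZONE, "<msg-42@example.com>", "alice@example.com"))    # (True, 'forged')
    print(is_revoked(ZONE, "<msg-43@example.com>", "alice@example.com"))    # (False, None)
```

One caveat worth keeping in mind when choosing the label encoding, as Andy's "conform to DNS label syntax" remark implies: DNS name comparison is case-insensitive, so a case-sensitive alphabet like Base64 loses some of its distinctness once the name is matched by a resolver, which is why hex or Base32 is the usual choice for hash-derived labels.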