ietf-mailsig

Re: Additional Key Management Methods RE: DKIM - DNS RR

2005-07-19 18:09:57

> It seems entirely reasonable to me that an email product that is
> advertised as DKIM compliant MUST support the dns retrieval
> mechanism.

Agreed.

> That does not suggest to me that an individual signature cannot
> be DKIM compliant unless the key can be retrieved using the dns
> mechanism. It is like saying that everyone MUST support RSA
> signatures, you can still extend to new signature mechanisms
> but you cannot depend on interoperability.

Humm... very interesting.

> I think that it is likely that there will be some significant issues
> supporting end user keying via the DNS, not least the fact that
> some form of key provisioning protocol will be required.

he he... that is an understatement to be sure!

> I think that the way per-user keying is likely to be
> introduced is as a supplement to domain keying and
> that this will strongly encourage the use of different
> key retrieval mechanisms.

Yes, such as HTTP :)

> I very strongly suggest that people do not redo the work
> already done in the W3C XKMS group or PKIX. We already
> have some very good private key management protocols
> that have been exhaustively managed.

I need to find time to look into it and see how complex it would be to
implement.

--
Arvel Hathcock
CEO, Alt-N Technologies, Ltd.
Helping the World Communicate!
http://www.altn.com



