On July 25, 2005 at 10:18, Dave Crocker wrote:
So I think the questions are:
1. Key Server:
1a. Do you agree that storing public keys in the DNS is the way to go? or
I believe it is one method that should exist. Although I agree with
the criticisms that it is "abusing" what DNS is used for, and that
DNS does have limitations wrt security, I have no objections to it.
1b Would using some form of HTTP retrieval or HTTP key server be better?
It may be better, but it does not need to be defined now. As long
as DKIM allows such methods to be defined later, I'd be happy.
2. Working group project management
2a. Should the working group focus on the current, DNS-based
mechanism now, and pursue additional mechanisms later? or
Yes, but keep other mechanisms in mind.
For example, keeping other types of systems in mind has me liking
the idea of the "two hash" method of signing, which I describe in an
earlier post and, I believe, meta-signatures employs.
To summarize, a digest is computed of the data to be protected. That
digest, along with other signing meta-information, is what is signed.
This structure is very useful in third-party signing service models.
2b. Should the working group include development of a
non-DNS-based mechanism as part of its initial delivery?
Not required.
--ewh