--- "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> wrote:
q=xkms
Ahhh. So we're talking about heavy-weight key fetching alternatives. I thought
the original discussion was about *optional* accreditation look-ups that were
additional to verification.
I would suggest something like an optional accreditation tag in either the
selector or whatever light-weight policy RR gets invented. I'd also like such a
tag to identify, in-band, the accreditation authority so that I can make some
decisions on whether to even bother with the accreditation fetch. Some random
URL doesn't meet that need.
I for one would not vote for a mechanism that could potentially result in my
inbound systems having to initiate a large number of heavy-weight key look-up
requests. And, if the sender can choose to send with q=xkms, that inbound
system load is quite a feasible scenario, in my mind.
Mark.