ietf-mailsig

Re: QUERY: Key Server Choices

2005-07-26 22:12:29


----- Original Message -----
From: <domainkeys-feedbackbase02(_at_)yahoo(_dot_)com>

Provided that is consistent with the policy record. IE if the policy
record says that every message is signed with q=dns then q=xkms is an
error.

Hmm. This is an interesting definition of "optional". I think any xkms-type
proposal needs to be optional for the receiver too - which is what Michael's
sample implies.

I agree.  This is what I suggested in my earlier post (response to Dave's
poll).

My suggestion was to spec out that all DKIM receivers must support DNS and
that any extended xkms SIGNER must also support a DNS policy for receivers
who don't support the XKMS/DKIM query protocol.

There must be a fallback if this is to even have a chance to work,
otherwise, a spammer can use a protocol that it knows isn't supported by the
majority of systems.

But then again, maybe the signer can "dynamically" adjust the q= tag on a
per message basis for destination MTA machine.  That's a whole new level of
CLIENT based lookup concepts and if we go there, we don't need DKIM any
more <g>.

However, the way you're casting it is that the sender could
dictate to the receiver that they *have* to fetch via xkms, is that
correct?

I didn't get that from Phil at first, but then new messages from him throw
me a bit off <g>

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

