ietf-mailsig

Re: alternate key server mechanisms

2005-07-28 10:22:23

The problem is that XKMS says a whole lot about the format
and semantics of the request and response sent to and from 
the web server, but it doesn't say anything I can see about 
what URL to use. 

To obtain the domain name of the XKMS server for example.com you look up
the XKMS XKISS SRV record as specified in the spec. The localpart of the
URL is null.

Ah, I was looking at XKMS1, the SRV was added in XKMS2.  So what do
you do with the selector?  Use it as part of the name of the SRV?  Use
it as the KeyName in the request?  Do you send along the i=
identity as a UseKeyWith Identifier?  What application name goes in
UseKeyWith?  In the query, should you include a TimeInstant for the
date of the message?  What response type should it ask for,
RSAKeyValue or something else?

Like I said, XKMS appears to be a reasonable way to look up keys, but
its binding to DKIM is severely underspecified.  I hope we all agree
that defining something in two minutes without trying it out to see
how it interoperates with real XKMS servers isn't a very good way to
design a protocol.  So we're not gonna do it right now.

R's,
John


