On Tue, 26 Jul 2005, Arvel Hathcock wrote:
There will definitely be an HTTP based key-fetching mechanism someday for
use with DKIM. It's beneficial especially for customers like mine who are
SMB organizations without direct access or special knowledge about DNS.
Imagine trying to do per-user keys or even per-domain keys that expire
frequently using DNS as the key server. Now imagine having to do that for a
company that doesn't run it's own DNS and has to ask their ISP every time
they want a change.
I expect that there will be special DKIM-keyserver-specific DNS servers
which will automate the management job, so the only configuration at the
ISP would be an NS record to delegate the _domainkey sub-zone parallel to
the domain's MX record, and this is a one-off admin job.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
GOOD.