Re: replay, revocation, repudiation, was RE: [ietf-dkim] On per-user-ke

ietf-mailsig

Re: replay, revocation, repudiation, was RE: [ietf-dkim] On per-user-keying

2005-08-11 13:04:13

from [SM]


Hi Tony,
At 10:50 11-08-2005, Tony Finch wrote:

I'm not sure why Phillip thinks DKIM requires a full-on PKI. Isn't
publishing and removing short-lived keys in the DNS sufficient? Key
removal provides a simple repudiation mechanism, if the TTLs are suitably
short.

Key removal may also affect valid mail that has been sent during thattime. Key removal may not be an adequate repudiation mechanism,especially for large domains. If the TTL is too short, we lose thebenefits of DNS caching.


Regards,

-sm

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: [ietf-dkim] On per-user-keying, Hallam-Baker, Phillip replay, revocation, repudiation, was RE: [ietf-dkim] On per-user-keying, Tony Finch Re: replay, revocation, repudiation, was RE: [ietf-dkim] On per-user-keying, SM <= Re: replay, revocation, repudiation, was RE: [ietf-dkim] On per-user-keying, Earl Hood

Previous by Date:	RE: replay, revocation, repudiation, was RE: [ietf-dkim] On per-user-keying, Hallam-Baker, Phillip
Next by Date:	Re: replay, revocation, repudiation, was RE: [ietf-dkim] On per-user-keying, Earl Hood
Previous by Thread:	replay, revocation, repudiation, was RE: [ietf-dkim] On per-user-keying, Tony Finch
Next by Thread:	Re: replay, revocation, repudiation, was RE: [ietf-dkim] On per-user-keying, Earl Hood
Indexes:	[Date] [Thread] [Top] [All Lists]