Hi Tony,

At 10:50 11-08-2005, Tony Finch wrote:
> I'm not sure why Phillip thinks DKIM requires a full-on PKI. Isn't publishing and removing short-lived keys in the DNS sufficient? Key removal provides a simple repudiation mechanism, if the TTLs are suitably short.

Key removal may also affect valid mail that has been sent during that time. Key removal may not be an adequate repudiation mechanism, especially for large domains. If the TTL is too short, we lose the benefits of DNS caching.

Regards,
-sm