All,
Attached is a proposal for an accreditation mechanism based on the
existing DNS A record conventions but designed to allow extension to support
other approaches.
I do not propose the draft as a work item IN THIS PARTICULAR GROUP.
However I do believe that the MARID proposal should provide at least the
same degree of support for accreditation as CallerID and SPF do.
Basically it should be possible to announce the fact that there is
an accreditation and the location where that accreditation should be
verified. If there is no way to say who your accreditation service is then
we will be stuck with the 'single root of trust' problem that people have
complained of wrt SSL certificates. It also means that a receiver does not
end up having to check every accreditation service in existence just to find
out which one the sender is subscribed to.
The information that needs to be added into the domain record is a
tripple:
Accreditation - This attribute describes an accreditation
Domain - The domain of the accreditation service
Protocol(s) - A list of the verification protocol(s)
that the
service supports.
The draft describes how this information can be expressed in the SPF
and CallerID formats. Given the MARID schedule it is likely that there will
be experience from trial deployments before the MARID spec is ready.
Phill
accreditation.txt
Description: Text document