ietf-smime
Re: [smime] Key lookup service via draft-bhjl-x509-srv-00

2016-03-23 16:29:20
On Wed, Mar 23, 2016 at 1:00 PM, Miller, Timothy J. <tmiller(_at_)mitre(_dot_)org> wrote:

On 3/23/16, 1:33 PM, "smime on behalf of John R Levine" <smime-bounces(_at_)ietf(_dot_)org on behalf of johnl(_at_)taugh(_dot_)com> wrote:

If the WG thinks the domain's key should be authoritative, that'd be fine
with me.  We didn't want to make any unilateral changes to the trust model
without it being clear that it's a change and that there's consensus
behind it.

So an authoritative service makes sense in an Enterprise context, but not
in a consumer context.  How do you preserve consumer choice if Yahoo! owns
their email service, but they want to certify keys elsewhere?


Could Yahoo! (in this example) not provide a means for their users to
update the key lookup service?  As the user is authenticated through their
UI, he or she could upload the keys they want in a secure way.  (A
realistic deployment caveat might be that Yahoo! puts some restrictions on
keys; e.g. Yahoo! might not support self-signed keys, weak key sizes, etc.)
One might argue Yahoo! wouldn't want to provide a key service, but then
that's fine.  Without the SRV RR, things should be defined to fall back to
the current state of things.

-Wei
-- T
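A sketch of the two behaviours Wei's reply describes, SRV-based discovery of a domain's key lookup service that falls back to today's behaviour when no RR exists, and a provider-side policy on user-uploaded keys. This is an added illustration, not code from the draft or from any poster; the SRV label "_certificates._tcp", the record classes and the zone data are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# ASSUMED service label; the draft, not this example, defines the real one.
SRV_LABEL = "_certificates._tcp"


@dataclass
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


# name -> list of SRV records; an empty list models NXDOMAIN / no RR.
Resolver = Callable[[str], List[SrvRecord]]


def lookup_endpoint(email: str, resolve: Resolver) -> Optional[str]:
    """Return 'host:port' of the domain's key service, or None to fall back."""
    domain = email.rsplit("@", 1)[-1].lower()
    records = resolve(f"{SRV_LABEL}.{domain}")
    if not records:
        return None  # no SRV RR: keep the current (pre-draft) behaviour
    # RFC 2782: lowest priority wins; among equals prefer the higher weight.
    best = min(records, key=lambda r: (r.priority, -r.weight))
    if best.target in ("", "."):
        return None  # a '.' target means "service explicitly not offered"
    return f"{best.target.rstrip('.')}:{best.port}"


@dataclass
class KeyRecord:
    subject: str
    issuer: str
    algorithm: str
    bits: int


def upload_policy(key: KeyRecord) -> Tuple[bool, str]:
    """Provider-side restrictions on a user-uploaded key (constructed policy)."""
    if key.subject == key.issuer:
        return False, "self-signed certificates not accepted"
    if key.algorithm == "RSA" and key.bits < 2048:
        return False, "RSA key shorter than 2048 bits"
    return True, "accepted"


# Constructed zone data for offline use; example.com offers a service, others do not.
ZONE = {"_certificates._tcp.example.com": [SrvRecord(10, 5, 443, "keys.example.com."),
                                          SrvRecord(20, 0, 443, "backup.example.com.")]}


def fake_resolve(name: str) -> List[SrvRecord]:
    return ZONE.get(name, [])
```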
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime