Re: [ietf-smtp] DKIM encryption, was Request for discussion

2013-10-18 15:18:10
On 10/17/2013 09:08 PM, John Levine wrote:
> I'm in for spec writing and doing implementation experiments.
> I'll write something up for the DKIM thing.

DKIM is the abbreviation of DomainKeys _Identified_ Mail. I agree with others that the term 'DKIM' cannot be used for this new protocol; the authors of DKIM have always tried to limit the scope of DKIM in many discussions on ietf-dkim, with the result of DKIM being defined as:

   DomainKeys Identified Mail (DKIM) permits a person, role, or
   organization that owns the signing domain to claim some
   responsibility for a message by associating the domain with the

If, nonetheless, the consensus would be to use DKIM for this new protocol in order to be able to benefit from the fact that DKIM is well-known and has a large installed base, then in my view 'DKIM' would need to be redefined, for example to refer to 'DomainKeys Internet Mail', in which case there's an awful lot of work to do to either explain the two incarnations of DKIM, or to come up with one combined standard describing both types of usage of DKIM (similar to S/MIME, which covers both signing and encryption).

> If anyone actually
> understands PGP or S/MIME (you can stop laughing now) help would be
> appreciated, since I want to borrow as much as possible from one of
> them to avoid inventing my own probably broken crypto scheme.

As for the part that describes storage of the keys in DNS, I'd suggest taking a look at DANE [1]. Looking at DANE and a number of new related drafts [2], [3], [4], together with this new draft John will write, and given the fact that in the future there will probably be more protocols with a need to store keys in DNS, it seems to me that there is a need to unify all of these DNS key storage schemes.
