On Tuesday 15 October 2019 18:52:18 CEST, Hector Santos wrote:
I wish I understood more of this discussion and "basic
problem," if any,
It's this: if someone were to tell the .com registry that starting
immediately, they wish to sign domain hsantos.com and will the .com
registry please include the necessary RRs in .com, how would the .com
registry know whether to trust that someone?
Once the domain is signed and the records are in .com, there's a fine
mechanism that anyone can use to check whether that someone actually
controls hsantos.com. But what about the initial inclusion of the
signature-related records in the .com zone?
There are ways, sometimes at least. For example, if it's done when the
domain is initially registered, then it's clear that the registrant
actually is the registrant. But initiating trust is a difficult problem if
you want to solve it generally.
ietf-smtp mailing list