Re: Pre-picking one solution (Re: [ietf-dkim] Re: WG Review: Domain Keys Identified Mail) (dkim)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Pre-picking one solution (Re: [ietf-dkim] Re: WG Review: Domain Keys Identified Mail) (dkim)

To: ietf-dkim at mipassoc.org
Subject: Re: Pre-picking one solution (Re: [ietf-dkim] Re: WG Review: Domain Keys Identified Mail) (dkim)
From: Barry Leiba <leiba at watson.ibm.com>
Date: Thu, 22 Dec 2005 10:32:55 -0500
Cc: ietf at ietf.org
In-reply-to: <43AAA9CF.2050303@cs.utk.edu>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <BFCF9BD0.668D8%fluffy@cisco.com> <E1F958625AE876F8C202368D@svartdal.hjemme.alvestrand.no> <43AAA9CF.2050303@cs.utk.edu>
Reply-to: ietf-dkim at mipassoc.org
Sender: ietf-bounces at ietf.org
User-agent: Thunderbird 1.5 (Windows/20051025)

Keith Moore wrote:

OTOH, the assumption that _all_ public keys used to validate DKIM signatures will be stored in DNS is a very limiting one, because it appears to lead to either

a) a constraint that policy be specified only on a per-domain basis (which is far too coarse for many domains) or


Actually, the DKIM base spec does provide a mechanism for replacing the
DNS keystore with something else.  Look at 1.4 for a general statement,
and the description of the "q=" tag in 3.5.  DKIM's intended to be able
to support user-level keys in a future version (there's some discussion
of that in appendix A), and its design is set up specifically not to
prevent that.

The proposed charter puts the details of other key management systems
and user-level keys out of scope so that we can contain the work at this
stage, and make quick progress on the first version.  It'd be entirely
reasonable to recharter and attack these issues immediately after
completing the first round of chartered work, if there are enough people
who want to work on that.  Or we can see how a while of deployment goes,
and form another WG in a year or so to do it.

Barry

--
Barry Leiba, Pervasive Computing Technology  (leiba at watson.ibm.com)
http://www.research.ibm.com/people/l/leiba
http://www.research.ibm.com/spam

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: Pre-picking one solution (Re: [ietf-dkim] Re: WG Review: Domain Keys Identified Mail) (dkim)
  - From: Keith Moore
- Re: Pre-picking one solution (Re: [ietf-dkim] Re: WG Review: Domain Keys Identified Mail) (dkim)
  - From: william(at)elan.net

References:
- Re: WG Review: Domain Keys Identified Mail (dkim)
  - From: Cullen Jennings
- Pre-picking one solution (Re: [ietf-dkim] Re: WG Review: Domain Keys Identified Mail) (dkim)
  - From: Harald Tveit Alvestrand
- Re: Pre-picking one solution (Re: [ietf-dkim] Re: WG Review: Domain Keys Identified Mail) (dkim)
  - From: Keith Moore

Prev by Date: Re: Pre-picking one solution (Re: [ietf-dkim] Re: WG Review: Domain Keys Identified Mail) (dkim)
Next by Date: Re: Pre-picking one solution (Re: [ietf-dkim] Re: WG Review: Domain Keys Identified Mail) (dkim)
Previous by thread: Re: Pre-picking one solution (Re: [ietf-dkim] Re: WG Review: Domain Keys Identified Mail) (dkim)
Next by thread: Re: Pre-picking one solution (Re: [ietf-dkim] Re: WG Review: Domain Keys Identified Mail) (dkim)
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Pre-picking one solution (Re: [ietf-dkim] Re: WG Review: Domain Keys Identified Mail) (dkim)

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.