I reflected on my confusions about per-user vs. per-domain keys for
smime use and suggest the following changes to Section 3 of the
-dane-smime draft:


From:

   3. Domain Names for S/MIME Certificate Associations

   Domain names are prepared for requests in the following manner.

   1. ...

   2.  ...

   3.  ...


To:

     3. Email Address Key Lookup

        Keys are stored in the DNS on a per-user basis, underneath the
        email address domain name.

        The general form of the lookup name is formulated from the
        user’s email address:

           <local-part-hash>.smimecert.<domain>

       The algorithm for formulating the lookup name is:

       1. ... existing algorithm text
       2.
       3.



d/
-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
