> Am 02.04.2015 um 19:33 schrieb Viktor Dukhovni <[email protected]>: > > On Thu, Apr 02, 2015 at 07:29:21PM +0200, Christian R??ner wrote: > >> I never knew that you can use a public key for signing. Or at least I never >> tried. > > Your initial thinking was right, the private key is used for signing, > but the public key is published so that verifiers can validate the > signature. The proposal is to publish verification (public) keys > (that validate received mail) separately from encryption (public) > keys that enable encryption of outgoing mail.
Thanks. But in that case I don’t really get the use case of ._encr and ._sign, as I can not believe that people would distribute different keys for signing and encrypting mails (in the sense you described) If I have a pair of public/private keys, I would expect that a sender does not use a second private key just for signing and that you would require a second public the public key for verification. Das that scenario really exist? Or is it more of a theoretical nature with these two subdomains? Just my personal opinion, if I may say it: I would vote against two different subdomains. Christian _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
