Dave Isaacs skrev, on 05-12-2007 22:38: >> Look at OP's email address, Google and waste no more time on him. >> > You know, I am a bit taken aback by this response. I am not here trying to > sell certificates or anything. I came here with a legitimate question and > request for opinions, not with the intent of "wasting" your time.
There is absolutely no point in having any certificate authority go good for an individual's DKIM private key. The only point of having any certificate authority go good for any private key is when that key is used in a chain used to verify the signee's veracity, and where the signing authority is prepared to take public, economic and moral responsibility for that signee. In DKIM's case, DNS goes good for his veracity - DNS is used as the basis for the originator's domain, which is where his public key is stored. To trace the veracity of the signer's DNS site, use BIND 9's 'dig +trace example.com' where "example.com" is the actual domain, and do 'dig @resulting.dns.server selector._domainkey.example.com txt' to get his public key. I'm sorry if you found yourself hung out ;) Best, --Tonni -- Tony Earnshaw Email: tonni at hetnet dot nl ------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4 _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
