It appears that Michael Thomas <[email protected]> said: >> Are you against DNS (and by extension its security mechanisms) being >> used for DKIM in general? And not that you would find it valuable to >> know if the public keys were fetched in a way that their >> authenticity/integrity is known? > >It was a mistake, yes. We didn't understand the overall costs at the >time and DNS seemed like a cheaper (computewise, etc) alternative to >setting up a https based key server.
If you think that's a good idea, I encourage you to write a draft and see if anyone is interested. But first, I hope we are all aware that the vast majority of https certificates are signed automatically using ACME. How does ACME validate the domain names it signs? R's, John _______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
