On 1/7/25 12:27 PM, John Levine wrote:
It appears that Michael Thomas <[email protected]> said:
Are you against DNS (and by extension its security mechanisms) being
used for DKIM in general? And not that you would find it valuable to
know if the public keys were fetched in a way that their
authenticity/integrity is known?
It was a mistake, yes. We didn't understand the overall costs at the
time and DNS seemed like a cheaper (computewise, etc) alternative to
setting up a https based key server.
If you think that's a good idea, I encourage you to write a draft and see
if anyone is interested.
Wouldn't do much good if it weren't in the charter. But there already is
a draft.
But first, I hope we are all aware that the vast majority of https certificates
are signed automatically using ACME. How does ACME validate the domain names it
signs?
This doesn't make any sense.
Mike
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
