> From: John Levine [mailto:[EMAIL PROTECTED]
> Your hash and wildcard trick works great if the signatures
> are all applied by an MTA under the control of the domain's
> management. But if you let roaming users sign their own mail
> in the MUA, you really need to give each potentially
> untrustworthy user a separate key.

Agreed, I think that is essential if you have MUA signing for a whole heap of reasons.

If I have a million users and a million copies of a private key floating around then I have effectively lost control. Basically that would mean you end up with the cost and complexity of running a public key scheme and get none of the benefit.

You still have to have a means of provisioning the key to the MUA. If you are going to sign in the MUA you need a key lifecycle management solution.

_______________________________________________
ietf-dkim mailing list
[email protected]
http://mipassoc.org/mailman/listinfo/ietf-dkim
