> And two minor comments on the architecture...
> >
> > Architecture:
> >
> > The DKIM working group will produce standards-track specifications
> > that describe authentication of message headers using public-key
> > signatures.
> s/message headers/email messages, including selected headers,/
> > A key distribution mechanism will be described employing a key centric
> > architecture employing domain names as identifiers.
> Please clarify... `key centric`? and avoid double use of
> `employing`...

Key-centric PKI is a term coined by (I think) Brian LaMacchia to distinguish the PGP key server and XKMS style of PKI from Loren Kohnfelder's certificate-based approach. I think he coined the term while at MIT and was working on the key server there.

The distinction is that in the Kohnfelder architecture the PKI is a means of distributing certificates; it's all about the certificates. Every request is of the form 'give me a certificate that looks like this' or 'is this certificate valid for that'. In the key-centric model the requests are all focused on the key; certificates, if present, are merely transport. The basic XKMS locate query is 'what is the key I need to talk PGP to [EMAIL PROTECTED]'.

The DKIM PKI is very definitely in the XKMS key-centric model.
