Michael Thomas wrote: > Mark Delany wrote: >> 5. If the customer trusts you, they might supply a private key to >> match a Selector so that you can sign the submissions on their >> behalf. > > It's easier than that. The customer merely needs to put a public > key that the esp's signer is using already into their selector, > and then the esp can sign as the customer's domain. This is yet > another manifestation of the "outsourced business" functionality. Agreed.
Yet another option, even if you don't host the domain's DNS, they can still delegate the _domainkey subdomain back to you. This gives you the ability to sign messages on their behalf, and also take care of key management (rollover, etc.) without any action on the domain's part. -Jim > > Mike > _______________________________________________ > NOTE WELL: This list operates according to > http://mipassoc.org/dkim/ietf-list-rules.html > _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
