On Wed, 12 Jan 2011 17:10:52 -0000, Dave CROCKER <[email protected]> wrote:
> This raises a specific and interesting technical point. I haven't seen a
> response so far, so...
>
> The core of this technology has keys that are named and accessed in
> terms of domain names. It really is fundamental to this technical approach.

I don't see how that can be so. The fundamental core of this technology is a mechanism for constructing a hash covering a named selection of headers and a body, coupled with some canonicalization rules, and incorporating that into a signature header using some well-known algorithm such as RSA (but allowing for others).

The question of making the public key available is entirely orthogonal to that core protocol. The DNS mechanism is fine for some applications, especially where the lifetime of the signature is at most a few weeks. But other means of publicising (and especially of authenticating) public keys are also in widespread current use, and there is nothing in the core protocol that would prevent their use in other applications where they were more suitable.

So DOSETA should provide for multiple plug-in key storage mechanisms in just the same way as it provides for multiple plug-in canonicalizations. By all means include the current DNS method as plug-in key management #1.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131   Web: http://www.cs.man.ac.uk/~chl
Email: [email protected]   Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9   Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
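A worked illustration of the separation argued for in this message, added here and not part of the original thread or of any DOSETA/DKIM implementation: a DKIM-like core (named headers plus body, canonicalized and signed, with Ed25519 standing in for RSA) whose verifier takes key retrieval as a plug-in. The `KeyResolver` type, the DNS TXT-record parser (plug-in #1), the local key store alternative and all record contents are constructed for this example; the TXT lookup is a map, not a real DNS query.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"strings"
)

// KeyResolver is the plug-in point: the core only asks which public key is named by (selector, domain).
type KeyResolver func(selector, domain string) (ed25519.PublicKey, error)

// DNSTextResolver is plug-in #1, reading DKIM-style TXT records ("v=DKIM1; k=ed25519; p=<base64>").
// records is a constructed map keyed "<selector>._domainkey.<domain>" that stands in for a DNS query.
func DNSTextResolver(records map[string]string) KeyResolver {
	return func(sel, dom string) (ed25519.PublicKey, error) {
		for _, tag := range strings.Split(records[sel+"._domainkey."+dom], ";") {
			if kv := strings.SplitN(strings.TrimSpace(tag), "=", 2); len(kv) == 2 && kv[0] == "p" {
				raw, err := base64.StdEncoding.DecodeString(kv[1])
				if err != nil || len(raw) != ed25519.PublicKeySize {
					return nil, errors.New("malformed p= tag")
				}
				return ed25519.PublicKey(raw), nil
			}
		}
		return nil, errors.New("no record or no p= tag")
	}
}

// LocalStoreResolver is an alternative plug-in: pre-provisioned keys keyed "<selector>@<domain>", no lookup.
func LocalStoreResolver(keys map[string]ed25519.PublicKey) KeyResolver {
	return func(sel, dom string) (ed25519.PublicKey, error) {
		if k, ok := keys[sel+"@"+dom]; ok {
			return k, nil
		}
		return nil, errors.New("unknown key")
	}
}

// SignedInput is the protocol core: named headers (lower-cased name, whitespace-collapsed value, in
// listed order), a blank line, then the body. Key retrieval never touches this function.
func SignedInput(hdrs map[string]string, names []string, body string) []byte {
	var b strings.Builder
	for _, n := range names {
		b.WriteString(strings.ToLower(n) + ":" + strings.Join(strings.Fields(hdrs[n]), " ") + "\r\n")
	}
	b.WriteString("\r\n" + body)
	return []byte(b.String())
}

// Verify obtains the key through whichever resolver was plugged in, then checks the core signature.
func Verify(r KeyResolver, sel, dom string, hdrs map[string]string, names []string, body string, sig []byte) bool {
	pub, err := r(sel, dom)
	return err == nil && ed25519.Verify(pub, SignedInput(hdrs, names, body), sig)
}
```

Signing is `ed25519.Sign(priv, SignedInput(hdrs, names, body))`; swapping the resolver changes nothing in `SignedInput` or `Verify`.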
