DKIM TTPs (was Re: [ietf-dkim] editorials and nits)

Paul Hoffman phoffman at proper.com
Tue Jul 4 08:52:04 PDT 2006


At 10:40 AM +0100 7/4/06, Stephen Farrell wrote:
>>>#3 1.1, 2nd set of bullets. dkim *does* require a ttp - the DNS.
>>>Better to say that dkim requires no *new* ttp.
>>
>>I don't see DNS as a "third party" in the same sense as a CA for 
>>certs.  Yes, DNS has to work, but it isn't a third party (unless 
>>you want to count the root servers, I suppose).  By this logic, we 
>>should also include the multiple third parties that run the routers 
>>and all the rest of the infrastructure.
>
>In my little PKI-riddled mind, the DNS is a TTP since it supplies the
>public keys and if/when DNSSEC were used, it starts to look quite like
>a PKI. The routers etc. won't ever really be supplying signed key
>records. But if no-one else thinks the same, leaving as-is is of course
>right.

My brain has the same affliction as Stephen's in this department. The 
keys have to be distributed somehow. The keys are not inherently 
trusted. DKIM users trust the keys they get from the DNS. The DNS is 
the trusted third party who hands out keys.

