DKIM TTPs (was Re: [ietf-dkim] editorials and nits)
Jim Fenton
fenton at cisco.com
Wed Jul 5 14:57:21 PDT 2006
Paul Hoffman wrote:
> At 12:44 PM -0700 7/5/06, Douglas Otis wrote:
>> DKIM generally represents a domain wide entity. A trusted third
>> party (TTP) establishes trust between two parties when both trust the
>> third party. For DKIM, the TTP would be the signing domain verified
>> by DNS.
>
> This is completely wrong, and goes against nearly everything that this
> WG has been working on. The signing domain is *not* trusted.
>
> Does anyone other than Doug think that it is?

We have talked about the concept of third-party signatures, although
this concept is really developed in the SSP draft, which hasn't come up
yet. But DKIM does not in general depend on a trusted third party to
function, except possibly for DNS.

Doug does have a point though. He says, "...nor does DNS represent a
discrete entity or party." Describing DNS as a "party" to this protocol
is probably a stretch.

-Jim