[ietf-dkim] Delegating responsibility: a make vs. buy design
mike at mtcc.com
Wed Aug 23 10:41:38 PDT 2006
Dave Crocker wrote:
>Wietse Venema wrote:
> > There is no need for the signing party to acquire a secret key
>>from the author party. To delegate signing from example.com
>>to isp.com, with d=example.com as a first-party signature:
>There is an administrative choice, here. One can delegate a zone or delegate a
>private key. The former is more simple, for on-going administrative, but it
>leaves less control in the hands of the domain owner.
Just to be absolutely pedantic here, it's better to *enroll* the public
delegating a private key. That said, I agree with what Dave says here.
More information about the ietf-dkim