[ietf-dkim] Delegating responsibility: a make vs. buy design decision
Michael Thomas
mike at mtcc.com
Wed Aug 23 10:41:38 PDT 2006
Dave Crocker wrote:
>Wietse Venema wrote:
>>There is no need for the signing party to acquire a secret key
>>from the author party. To delegate signing from example.com
>>to isp.com, with d=example.com as a first-party signature:
>
>There is an administrative choice, here. One can delegate a zone or delegate a
>private key. The former is more simple, for on-going administration, but it
>leaves less control in the hands of the domain owner.

Just to be absolutely pedantic here, it's better to *enroll* the public key vs.
delegating a private key. That said, I agree with what Dave says here.
Mike