[ietf-dkim] Certifying the DKIM public key?
J.D. Falk
jdfalk-lists at cybernothing.org
Sun May 22 14:26:31 PDT 2011
On May 22, 2011, at 12:27 PM, John R. Levine wrote:
> It occurs to me that since mail certification is likely to make assertions
> about behavior as well as identity, the SSL model in which certs last for
> a year won't work, since behavior can change rapidly. Either the
> certifier has to issue a stream of short-term certs to everyone it
> certifies, or the verifiers have to check CRLs, which is tedious. By the
> time you do all that, a DNS check, even one with DNSSEC, looks pretty
> attractive.
That's how it works at the IP level today.
--
J.D. Falk
the leading purveyor of industry counter-rhetoric solutions
More information about the ietf-dkim
mailing list