On May 22, 2011, at 12:27 PM, John R. Levine wrote: > It occurs to me that since mail certification is likely to make assertions > about behavior as well as identity, the SSL model in which certs last for > a year won't work, since behavior can change rapidly. Either the > certifier has to issue a stream of short-term certs to everyone it > certifies, or the verifiers have to check CRLs, which is tedious. By the > time you do all that, a DNS check, even one with DNSSEC, looks pretty > attractive.
That's how it works at the IP level today. -- J.D. Falk the leading purveyor of industry counter-rhetoric solutions _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
