Re: [ietf-dkim] Certifying the DKIM public key?

2011-05-23 Thread Michael Thomas
On 05/23/2011 11:17 AM, Dave CROCKER wrote: > As an impressive example of even deeper misunderstanding: > More of CROCKER's famed civility. >> On 5/22/2011 10:49 AM, Michael Thomas wrote: >> >>> But this is exactly what DKIM is. You prove yourself fsvo "prove" >>> to the registrar who "

Re: [ietf-dkim] Certifying the DKIM public key?

2011-05-23 Thread Dave CROCKER
On 5/22/2011 10:43 AM, John R. Levine wrote: >> VBR queries are about an actor, not a message. >> >> Certs can be coupled to a particular message -- this was an interesting >> semantic distinction about Goodmail's certification scheme -- although I >> believe that typically they, too, are only sc

Re: [ietf-dkim] Certifying the DKIM public key?

2011-05-22 Thread Hector Santos
John R. Levine wrote: >> But this is exactly what DKIM is. You prove yourself fsvo "prove" >> to the registrar who "certifies" you by virtue of placing your NS >> records in the root servers instead of issuing a cert. > > Registrars, as we all know, rarely check any credential beyond the > confir

Re: [ietf-dkim] Certifying the DKIM public key?

2011-05-22 Thread J.D. Falk
On May 22, 2011, at 12:27 PM, John R. Levine wrote: > It occurs to me that since mail certification is likely to make assertions > about behavior as well as identity, the SSL model in which certs last for > a year won't work, since behavior can change rapidly. Either the > certifier has to iss

Re: [ietf-dkim] Certifying the DKIM public key?

2011-05-22 Thread John R. Levine
> But this is exactly what DKIM is. You prove yourself fsvo "prove" > to the registrar who "certifies" you by virtue of placing your NS > records in the root servers instead of issuing a cert. Registrars, as we all know, rarely check any credential beyond the confirmation code from the credit car

Re: [ietf-dkim] Certifying the DKIM public key?

2011-05-22 Thread Michael Thomas
On 05/22/2011 10:27 AM, John R. Levine wrote: > It occurs to me that since mail certification is likely to make assertions > about behavior as well as identity, the SSL model in which certs last for > a year won't work, since behavior can change rapidly. Either the > certifier has to issue a strea

Re: [ietf-dkim] Certifying the DKIM public key?

2011-05-22 Thread John R. Levine
> VBR queries are about an actor, not a message. > > Certs can be coupled to a particular message -- this was an interesting > semantic distinction about Goodmail's certification scheme -- although I > believe that typically they, too, are only scoped to the actor, not the > specific content. N

Re: [ietf-dkim] Certifying the DKIM public key?

2011-05-22 Thread Dave CROCKER
On 5/22/2011 10:27 AM, John R. Levine wrote: >>> through a separate, value-added mechanism. My own preference would be for >>> using >>> a special header-field that contains the cert, with the specification of >>> using >>> such certs as saying that they are enabled when included in the set of

Re: [ietf-dkim] Certifying the DKIM public key?

2011-05-22 Thread John R. Levine
>> through a separate, value-added mechanism. My own preference would be for >> using >> a special header-field that contains the cert, with the specification of >> using >> such certs as saying that they are enabled when included in the set of h= >> covered header fields. I don't see how this

Re: [ietf-dkim] Certifying the DKIM public key?

2011-05-22 Thread Michael Thomas
On 05/22/2011 08:02 AM, Dave CROCKER wrote: > > 3. As noted, certification was explicitly de-coupled from DKIM. I'll claim > that > it really is a separate, value-added service and any support of it should be > through a separate, value-added mechanism. My own preference would be for > using >

Re: [ietf-dkim] Certifying the DKIM public key?

2011-05-22 Thread Dave CROCKER
On 5/19/2011 3:17 PM, Murray S. Kucherawy wrote: >> -Original Message- From: ietf-dkim-boun...@mipassoc.org >> [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Rolf E. Sonneveld ... >> recently someone asked me whether it would have any added value if the DKIM >> public key, which is

Re: [ietf-dkim] Certifying the DKIM public key?

2011-05-19 Thread John Levine
>recently someone asked me whether it would have any added value if the >DKIM public key, which is stored in DNS, would be 'certified' in some >(yet to be determined) way by a 3rd party like VeriSign, Thawte etc.? Sure. See RFC 5518. R's, John

Re: [ietf-dkim] Certifying the DKIM public key?

2011-05-19 Thread Hector Santos
Rolf E. Sonneveld wrote: > Hi, all, > > recently someone asked me whether it would have any added value if the > DKIM public key, which is stored in DNS, would be 'certified' in some > (yet to be determined) way by a 3rd party like VeriSign, Thawte etc.? My > first reaction was, that it made n

Re: [ietf-dkim] Certifying the DKIM public key?

2011-05-19 Thread Douglas Otis
On 5/19/11 2:32 PM, Rolf E. Sonneveld wrote: > Hi, all, > > recently someone asked me whether it would have any added value if the > DKIM public key, which is stored in DNS, would be 'certified' in some > (yet to be determined) way by a 3rd party like VeriSign, Thawte etc.? My > first reaction was,

Re: [ietf-dkim] Certifying the DKIM public key?

2011-05-19 Thread Murray S. Kucherawy
> -Original Message- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Rolf E. Sonneveld > Sent: Thursday, May 19, 2011 2:33 PM > To: IETF DKIM WG > Subject: [ietf-dkim] Certifying the DKIM public key? > > Hi, all, >

[ietf-dkim] Certifying the DKIM public key?

2011-05-19 Thread Rolf E. Sonneveld
Hi, all, recently someone asked me whether it would have any added value if the DKIM public key, which is stored in DNS, would be 'certified' in some (yet to be determined) way by a 3rd party like VeriSign, Thawte etc.? My first reaction was, that it made no sense, but I'm no longer sure wheth