W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2011

Re: Feedback on draft-burke-content-signature-00.txt

From: Cyrus Daboo <cyrus@daboo.name>
Date: Fri, 25 Mar 2011 16:41:15 -0400
To: Bill Burke <bburke@redhat.com>, Eran Hammer-Lahav <eran@hueniverse.com>
cc: Mark Nottingham <mnot@mnot.net>, "Thomson, Martin" <Martin.Thomson@commscope.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <E2F6BC1E56400FEB6FA01872@cyrus.local>
Hi Bill,

--On March 25, 2011 3:33:40 PM -0400 Bill Burke <bburke@redhat.com> wrote:

> The only thing I worry about DKIM is that it imposes a key management
> structure and infrastructure?  The users I deal with will probably want
> to integrate with existing mechanisms to manage keys and look them up and
> to verify identity (which will probably be different per user). Specially
> I want to apply this protocol to enterprise based systems rather than the
> typical Google/Yahoo/Twitter kind of thing.

A DKIM expert will need to speak up to confirm this, but I believe the key 
management piece is extensible. i.e. right now it defines a DNS-based 
mechanism, but I think you can extend it with others. The choice is 
advertised as one of the attributes in the DKIM header.

I have also been told that there will be a presentation at the Apps Area 
meeting next week on how DKIM can be used for general application security 
issues as described in 
<https://datatracker.ietf.org/doc/draft-crocker-dkim-doseta/>. So you might 
want to check that out.

-- 
Cyrus Daboo
Received on Friday, 25 March 2011 20:41:20 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:37 GMT