On 1/5/25 4:58 PM, Dave Crocker wrote:
On 1/5/2025 3:29 PM, Michael Thomas wrote:
One of the key assumptions that was made 20 years ago is that DNSsec
would ultimately be deployed and thus could be counted on to secure
fetching the the DKIM selector record.
The careful assessment at the time was that that type of protection
was a DNS issue and not a DKIM issue.
That is, if there is serious, Internet-wide concern for that kind of
DNS protection, it is the job of the DNS community to provide it,m
rather than the job of a particular service or application using the DNS.
That makes the assumption that there weren't alternatives a housing the
public keys in DNS that were more secure. There were. There still are,
and they are widely known and deployed.
Mike
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
