On 06/01/2025 03:01, Michael Thomas wrote:
That makes the assumption that there weren't alternatives to housing the public keys in DNS that were more secure. There were. There still are, and they are widely known and deployed.
Wouldn't it suffice if the Authentication-Results header were to optionally contain DNSSEC status for the public key that the signature was checked against?
_______________________________________________ Ietf-dkim mailing list -- ietf-dkim@ietf.org To unsubscribe send an email to ietf-dkim-le...@ietf.org