It appears that Michael Thomas <m...@mtcc.com> said: >> Are you against DNS (and by extension its security mechanisms) being >> used for DKIM in general? And not that you would find it valuable to >> know if the public keys were fetched in a way that their >> authenticity/integrity is known? > >It was a mistake, yes. We didn't understand the overall costs at the >time and DNS seemed like a cheaper (computewise, etc) alternative to >setting up a https based key server.
If you think that's a good idea, I encourage you to write a draft and see if anyone is interested. But first, I hope we are all aware that the vast majority of https certificates are signed automatically using ACME. How does ACME validate the domain names it signs? R's, John _______________________________________________ Ietf-dkim mailing list -- ietf-dkim@ietf.org To unsubscribe send an email to ietf-dkim-le...@ietf.org
