Re: PROCEDURAL ISSUE: RE: QUERY: Key Server Choices
--- Thomas Roessler <tlr@xxxxxx> wrote:
>
> On 2005-07-25 17:13:27 -0700, Hallam-Baker, Phillip wrote:
>
> > The true choices here are threefold:
> >
> > 1) Only use DNS based keying
> > 2) Design a completely new non-DNS based keying mechanism from scratch
> > 3) Support the use of existing non-DNS keying mechanisms that are
> > approved standards
>
> I agree.
>
> (As I said before, I don't think the charter should a priori exclude
> non-DNS mechanisms for key storage and retrieval. I'm fine, though,
> with leaving the design of entirely new mechanisms out of scope.)

I know it's not an issue for everyone, but if a relatively heavy-weight key or
policy fetching mechanism, such as HTTP or HTTPS, becomes required, then it has
a substantial infrastructure impact on large inbound mail sites - especially
if the policy lookup is required subsequent to a failed or non-existent
signature, which will be the common case for quite some time.

Having an optional accreditation mechanism that uses a heavy-weight protocol is
more tolerable.

Mark.