[doseta-discuss] suggestions/concerns on spec

[J.D. Falk]

On Jun 2, 2011, at 11:04 AM, Bill Burke wrote:

> One of the problems I had was to actually find somebody that has deployed DKIM.  I could not find anybody as of yet.

That's surprising.  There are thousands of deployments, going back 5+ years.

Perhaps try the IETF DKIM Working Group?  http://tools.ietf.org/wg/dkim/

> The people I talked to thought using DNS was an interesting idea, but the biggest concern was the lack of knowledge/deployment of DNS Sec.  Security sounds like it might be an issue with public key publication.  I don't know enough about DNS to say whether or not something like DNS SEc would be required to ensure the integrity of the public key you are obtaining to verify a signature.

http://tools.ietf.org/html/rfc5863#section-3.2 mentions DNSSEC briefly.  I'm not sure how widespread the DNSSEC+DKIM combination is today, though.

> - A very generic signature header specification that describes how the signature header is created, canonicalized, and how the hash and signing algorithms are applied.  Very few fields should be required.  And only a few defined (like bh, v, h only).  SOme of the people talked to are interested in a signature header spec, but uninterested in DKIM.  Like for instance, they want to be able to use a signature header to sign requests and not necessarily a body.  It would be good to define something that people can refer to and innovate with on their own for their own purposes.

Isn't that what DOSETA is?

--
J.D. Falk
the leading purveyor of industry counter-rhetoric solutions