Key rollover and draft-delany-domainkeys-base-01.txt (fwd)

Dirk-Willem van Gulik <dirkx@webweaving.org> Wed, 17 November 2004 16:32 UTC

Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA16074; Wed, 17 Nov 2004 11:32:11 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CUSlZ-0005IJ-9Y; Wed, 17 Nov 2004 11:34:45 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CUSgc-0000NV-RH; Wed, 17 Nov 2004 11:29:38 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CUSV0-0005ru-TD for ietf@megatron.ietf.org; Wed, 17 Nov 2004 11:17:38 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA14434 for <ietf@ietf.org>; Wed, 17 Nov 2004 11:17:36 -0500 (EST)
Received: from skutsje.san.webweaving.org ([209.132.96.45]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CUSXR-0004rZ-A3 for ietf@ietf.org; Wed, 17 Nov 2004 11:20:10 -0500
Received: from mobile.webweaving.org (40322028.ptr.dia.nextlink.net [64.50.32.40]) by skutsje.san.webweaving.org (8.12.9/8.12.9) with ESMTP id iAHGFoFC013845 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 17 Nov 2004 08:15:51 -0800 (PST) (envelope-from dirkx@webweaving.org)
Received: from localhost (localhost [127.0.0.1]) by mobile.webweaving.org (Postfix) with ESMTP id 31356576FF4; Wed, 17 Nov 2004 08:17:35 -0800 (PST)
Date: Wed, 17 Nov 2004 08:17:34 -0800
From: Dirk-Willem van Gulik <dirkx@webweaving.org>
X-X-Sender: dirkx@merlijn.local
To: domainkeys-feedbackbase01@yahoo.com
Message-ID: <Pine.OSX.4.58.0411170750420.589@merlijn.local>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e5ba305d0e64821bf3d8bc5d3bb07228
Cc: ietf@ietf.org
Subject: Key rollover and draft-delany-domainkeys-base-01.txt (fwd)
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 52e1467c2184c31006318542db5614d5

Good draft - got it to work quite easily; excellent examples in the draft,
that does help.

However.. ideally one would like the keys to be relatively short (i.e.
ensure it easily fits in the UDP reply; along with other DNS info; and in
order to keep calculation times on today's HW reasonable).

This implies strongly that one wants to do key rollover.

Would it be an idea to extend the proposal to

->	Allow multiple (or at least 2) DomainKey-Signature:
	blocks if needed along with something like:
"
 The signature of the email is stored in the "DomainKey-Signature:"
 header. This header contains all of the signature and key-fetching data.
 In order to allow for key rollover there MUST be at least one
 DomainKey-Signature but more MAY be present. If multiple
 DomainKey-Signature headers are present then the receiving MTA MUST verify each
 of them in the order received until one of them verifies correctly.
"

Alternatively one could allow multiple TXT replies; but this is sure
to violate the UDP size limit. Also - if the keys are < 500 bits or so -
rollover would be very frequent - hence easily leading to long periods in
which this UDP limit would be violated.

Cheers,

Dw

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
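The following is an added example, not part of the message above nor code from the DomainKeys draft. It shows the two points the message makes: a receiver that tries several DomainKey-Signature headers in the order they appear and accepts the first one that verifies (so a message signed under both the retiring and the new selector still verifies after the old selector is withdrawn from DNS), and a size estimate for the "multiple TXT replies" alternative against the classic 512-byte DNS-over-UDP limit of RFC 1035. Everything named here is an assumption of the example: the signature primitive is HMAC-SHA256 standing in for the draft's RSA signature so the code runs offline (the KEY_STORE dict therefore holds secrets rather than public keys and stands in for the TXT lookup at <selector>._domainkey.<domain>), the body canonicalisation is a simple line-ending normalisation, and the function names (verify_message, build_signed_message, dns_txt_reply_size, ...) are the example's own. The 162-byte figure for a 1024-bit RSA SubjectPublicKeyInfo in DER is a real size used as constructed test input.

```python
import base64
import binascii
import email
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

# Classic DNS-over-UDP payload limit the message worries about (RFC 1035, 4.2.1).
DNS_UDP_LIMIT = 512

# Constructed stand-in for the TXT records at <selector>._domainkey.<domain>.
# DomainKeys publishes RSA public keys there; this example uses HMAC-SHA256 as a
# stand-in signature primitive (assumption) so it runs offline, hence the values
# here are HMAC secrets rather than public keys.
KeyStore = Dict[Tuple[str, str], bytes]
KEY_STORE: KeyStore = {
    ("example.com", "oct2004"): b"constructed key material, selector oct2004",
    ("example.com", "nov2004"): b"constructed key material, selector nov2004",
}
ALG = "hmac-sha256"  # stand-in for the draft's rsa-sha1 (assumption)


def canonicalize(body_text: str) -> bytes:
    """Simple body canonicalisation (assumption): normalise line endings and
    trailing blank lines so that signer and verifier hash the same bytes."""
    return (body_text.replace("\r\n", "\n").rstrip("\n") + "\n").encode("utf-8")


def sign(body: bytes, key: bytes) -> str:
    return base64.b64encode(hmac.new(key, body, hashlib.sha256).digest()).decode("ascii")


def parse_tags(header_value: str) -> Dict[str, str]:
    """Parse 'a=...; s=nov2004; d=example.com; b=...' into a dict. Whitespace
    inside a value (header folding) is dropped."""
    tags: Dict[str, str] = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())
    return tags


def verify_one(tags: Dict[str, str], body: bytes, key_store: KeyStore) -> bool:
    if tags.get("a") != ALG:
        return False
    key = key_store.get((tags.get("d", ""), tags.get("s", "")))
    if key is None:
        return False  # selector not (or no longer) published: key retired
    try:
        given = base64.b64decode(tags.get("b", ""), validate=True)
    except (binascii.Error, ValueError):
        return False
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, given)


def verify_message(raw: str, key_store: KeyStore = KEY_STORE) -> Optional[str]:
    """Try every DomainKey-Signature header in the order it appears and return
    the selector of the first one that verifies, or None if none does."""
    msg = email.message_from_string(raw)
    body = canonicalize(msg.get_payload())
    for header in msg.get_all("DomainKey-Signature") or []:
        tags = parse_tags(header)
        if verify_one(tags, body, key_store):
            return tags.get("s")
    return None


def build_signed_message(domain: str, body_text: str, selectors: List[str],
                         key_store: KeyStore = KEY_STORE) -> str:
    """Sender side during rollover: one DomainKey-Signature header per selector,
    listed in the order given (old key first, new key second)."""
    body = canonicalize(body_text)
    lines = []
    for sel in selectors:
        sig = sign(body, key_store[(domain, sel)])
        lines.append(f"DomainKey-Signature: a={ALG}; q=dns; c=simple; s={sel}; d={domain}; b={sig}")
    lines += [f"From: sender@{domain}", "Subject: rollover test", "", body_text]
    return "\n".join(lines)


# --- DNS reply size for the "multiple TXT replies" alternative --------------

def wire_name_length(name: str) -> int:
    # each label is <length byte><label>, terminated by a zero length byte
    return sum(len(label) + 1 for label in name.rstrip(".").split(".")) + 1


def txt_rdata_length(text: str) -> int:
    # TXT RDATA is a run of <length byte><up to 255 bytes> character-strings
    chunks = max(1, (len(text) + 254) // 255)
    return len(text) + chunks


def dns_txt_reply_size(qname: str, key_blobs: List[bytes]) -> int:
    """Bytes in a DNS reply carrying one TXT record per key blob at qname:
    12-byte header, the question section, then per answer a 2-byte compressed
    name pointer, 10 bytes of TYPE/CLASS/TTL/RDLENGTH and the TXT RDATA."""
    size = 12 + wire_name_length(qname) + 4
    for blob in key_blobs:
        text = "p=" + base64.b64encode(blob).decode("ascii")
        size += 2 + 10 + txt_rdata_length(text)
    return size


def fits_in_udp(qname: str, key_blobs: List[bytes]) -> bool:
    return dns_txt_reply_size(qname, key_blobs) <= DNS_UDP_LIMIT


if __name__ == "__main__":
    raw = build_signed_message("example.com", "Hello, world\n", ["oct2004", "nov2004"])
    print("both selectors published ->", verify_message(raw))
    after_rollover = {k: v for k, v in KEY_STORE.items() if k[1] != "oct2004"}
    print("old selector withdrawn   ->", verify_message(raw, after_rollover))
    spki_1024 = bytes(162)  # constructed: a 1024-bit RSA SubjectPublicKeyInfo is 162 DER bytes
    qname = "nov2004._domainkey.example.com"
    for n in (1, 2, 3):
        print(n, "x 1024-bit key(s) in one reply:", dns_txt_reply_size(qname, [spki_1024] * n), "bytes")
```

With both selectors still in the store the first header verifies; once the old selector is withdrawn the verifier falls through to the second header, which is the behaviour the quoted text asks for. The size estimate shows why stacking keys under one name is fragile: two 1024-bit keys already sit at 510 bytes of a 512-byte reply, and a third pushes it over, before any other records are counted.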