Re: Scalability of keys

From: SM <sm_at_resistor.net>
Date: Fri, 06 Aug 2010 15:39:42 -0700

Hi Murray,
At 14:36 03-08-10, Murray S. Kucherawy wrote:
>Not long ago we added the capability to store DKIM keys in SQL or
>LDAP databases.
>
>In a conversation I was having with someone at the IETF last week,
>the idea came up of having DKIM keys retrieved in a way other than
>the DNS. In particular, apart from something like PowerDNS, there
>aren't many DNS implementations that allow data to be served from
>within an SQL or LDAP database. This means adding a key for a new
>domain involves creating or updating a zone file, incrementing a
>serial number and requesting a reload.

There was some discussion during the development of DKIM about other
query mechanisms. BIND allows data to be served from SQL or LDAP.

>On the other hand, most or all web servers have plugins that enable
>them to become SQL- or LDAP-capable. That means storing keys in
>such databases is easily interfaced to web servers. So perhaps that
>means serving DKIM keys via a web server rather than via the DNS is
>something the DKIM community should explore.

I don't have any data to back this up; I don't view DNS as secure as
data served from the Web. If we are going for a web approach,
someone will suggest using XML for the data. The subject seems more
like key management instead of scalability of keys. If DKIM keys are
served via a web server, it means that we need SMTP, DNS and HTTP for
the message.

Regards,
-sm
Received on Fri Aug 06 2010 - 22:40:21 PST
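The manual zone-file steps Murray describes (add the selector record, bump the SOA serial so the change is picked up on reload), written out as a small Python example added here; it is not code from the thread or from any DKIM implementation, and the zone text and the p= value are constructed placeholders.

```python
"""Publish a DKIM selector record in a BIND-style zone file and bump the
SOA serial (added example; the zone and key below are constructed)."""
import re

# Constructed sample zone.  Real zones will differ; the regex below only
# relies on the common "<serial> ; serial" comment convention.
SAMPLE_ZONE = """$ORIGIN example.com.
$TTL 3600
@   IN SOA ns1.example.com. hostmaster.example.com. (
        2010080501 ; serial
        7200 3600 1209600 3600 )
@   IN NS  ns1.example.com.
"""

def dkim_txt_record(selector: str, pubkey_b64: str, ttl: int = 3600) -> str:
    """Build the selector._domainkey TXT record with the RFC 6376 key tags
    (v, k, p).  TXT strings are limited to 255 octets, so a long p= value
    is split into several quoted strings that resolvers concatenate."""
    value = f"v=DKIM1; k=rsa; p={pubkey_b64}"
    chunks = [value[i:i + 255] for i in range(0, len(value), 255)]
    quoted = " ".join(f'"{c}"' for c in chunks)
    return f"{selector}._domainkey {ttl} IN TXT {quoted}"

def bump_serial(zone: str, today_iso: str) -> tuple:
    """Increment the SOA serial using the YYYYMMDDnn convention: first
    change of a new day becomes YYYYMMDD01, later changes add one.
    Returns (new zone text, new serial)."""
    m = re.search(r"(\d{10})\s*;\s*serial", zone)
    if not m:
        raise ValueError("SOA serial not found")
    old = int(m.group(1))
    base = int(today_iso.replace("-", "")) * 100
    new = base + 1 if old < base else old + 1
    return zone[:m.start(1)] + str(new) + zone[m.end(1):], new

def add_dkim_key(zone: str, selector: str, pubkey_b64: str, today_iso: str) -> str:
    """Append the selector record and bump the serial; refuse to overwrite
    an existing selector, since rotation should publish a new one."""
    if f"{selector}._domainkey" in zone:
        raise ValueError(f"selector {selector} already published; rotate instead")
    zone, _ = bump_serial(zone, today_iso)
    return zone.rstrip("\n") + "\n" + dkim_txt_record(selector, pubkey_b64) + "\n"
```

After writing the new zone text, the server still has to be told to reload it, which is the operational step Murray contrasts with a database-backed web lookup.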
