Doug,

> When shortcuts are taken in PKI as with SMTP, there should be some
> concern.

> DKIM voids vetted CAs, as the public key is obtained from DNS; this
> provides the URL association directly.

It's really not the same. The implications of a compromised DKIM key
are bilateral *at best*, whereas a CA, particularly a well-known one,
will have far broader impact.

But that's not what I was talking about. What I was referring to was
Ohta-san's implication that PKI is fundamentally flawed. Perhaps it is,
but I don't see anything better for key distribution to millions of
people. If you, he, or anyone else comes up with something better, I'm
all ears.

Eliot