[VOIPSEC] DKIM Domain Key Identified Mail

[Jon Callas]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 24 Nov 2005, at 12:21 AM, Simon Horne wrote:

> It's very light weight and I wonder whether it would applicable to use
> between SIP servers
> ie the server signs the invite message and the receiver validates the
> signature before routing the message.
>
> I don't think storing in DNS and retrieving as required is a good  
> idea for
> real time communication however having a central repository might  
> be an
> idea which the SIP servers can put down every day or so. This will  
> save a
> lot of work compared to each server maintaining a large ACL

Using DNS isn't required, it's merely the only one designed. As we  
were putting together DKIM, there were other proposals for key  
retrieval, such as using a separate server, or another service such  
as XKMS. The basic idea, however, that you carry the signature with  
the message and go to the domain for the signing key has as an  
advantage that you don't need to have a central repository.

I think avoiding central repositories is a very good idea for a VOIP  
infrastructure.

	Jon (one of the DKIM authors)

- -- 
Jon Callas
CTO, CSO
PGP Corporation         Tel: +1 (650) 319-9016
3460 West Bayshore      Fax: +1 (650) 319-9001
Palo Alto, CA 94303     PGP: ed15 5bdf cd41 adfc 00f3
USA                          28b6 52bf 5a46 bc98 e63d
	



-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.0.3

iQEVAwUBQ4XiULveU3tlJIqaAQjo/wgAoLEBMa9UsPdRYhAYun3J69oMZr6rRaTp
5GGZCijqfEIDCYKzYpGayR6tfF9OVpT11+iQxDS8NbhwiRdWTtpFazjH6kCpKlY7
lvEjChabiEO6+LpMsScTXYrs2N0ettP01BMO/X+lZoI8RhGqK7GM8La/bxiJmowk
PJYyu0/Hhn3zdy9DKR4M2QJsFbO9Zw6R17dij8IAIVhAqMdlC4mjjn3sOeWbILRA
NCJw5IESQwWBxNdtpwMZQhCgd0sgJeUk+OYTsQ8QdugNJoTgqp81tzjuoFeTI3aU
1vwK9GzqsrQSj6w8dFCUEebXMBUHbkiEwzi46HUTpWEqI8W9JYEorA==
=dhEz
-----END PGP SIGNATURE-----