Yes and No. Of course the receiver needs to know the public key of the
sender to verify the signature. But there is no need to pre-share the
public keys, as they are published via DNS. The domain for fetching the
public key from DNS consists of the "selector" + "._domainkey" + the
domain of the From: URI, e.g.:
dig 2005._domainkey.dk.labs.nic.at TXT
;; ANSWER SECTION:
2005._domainkey.dk.labs.nic.at. 3600 IN TXT "k=rsa\;
p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxALysT867uZ/ckWZpL6UTKt/7ZLPr1BkWIukU16egelXT8FYagoilfznoU2H
LcBQPzwIDAQAB"
regards
klaus
Daniel-Constantin Mierla wrote:
Hi Klaus,
would this approach require key exchange between the peering domains?
Cheers,
Daniel
On 11/28/05 19:44, Klaus Darilion wrote:
Hi!
I've just posted a domainkeys module on the tracker on sourceforge:
http://sourceforge.net/tracker/index.php?func=detail&aid=1368417&gr…
This is a "proof-of-concept" and at the moment not a module for real
usage. Further, this is something which is not standardized or documented
anywhere. It's just an experiment to use the domainkeys technology
(invented as anti-SPAM technology for emails) also with SIP.
Following are some snippets from the README file.
If you would like to discuss this idea with me, you're welcome.
regards
klaus
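
The key lookup described in the reply at the top of this thread, as an added example that is not part of the thread or of the posted module: it builds the query name from a selector and a From: URI, and parses a TXT record in the form dig prints. The function names and sample values are assumptions; the default key type and the empty-p revocation rule come from the e-mail DomainKeys specification and are assumed to carry over to this SIP experiment.

```python
import base64
import re

# Both selector and From: domain arrive in an untrusted message, so only
# plain DNS labels are accepted before anything is sent to the resolver.
_LABELS = re.compile(r"^[a-z0-9-]{1,63}(\.[a-z0-9-]{1,63})*$", re.I)
_SIP_HOST = re.compile(r"^sips?:(?:[^@\s]*@)?([^\s:;?>\[\]]+)", re.I)


def domainkey_qname(selector, from_uri):
    """Return selector + "._domainkey." + domain of the From: URI."""
    m = _SIP_HOST.match(from_uri.strip().lstrip("<"))
    if not m:
        raise ValueError("From: is not a sip:/sips: URI with a host name")
    domain = m.group(1).lower().rstrip(".")
    if not _LABELS.match(selector) or not _LABELS.match(domain):
        raise ValueError("selector or domain is not a valid DNS name")
    return f"{selector}._domainkey.{domain}"


def parse_key_record(txt):
    """Parse 'k=rsa\\; p=<base64>' as shown by dig; return (key type, DER bytes)."""
    tags = {}
    # dig quotes each TXT string and escapes ';' as '\;'
    for part in txt.replace('"', "").replace("\\;", ";").split(";"):
        if "=" in part:
            name, value = part.split("=", 1)      # base64 padding may contain '='
            tags[name.strip()] = "".join(value.split())
    ktype = tags.get("k", "rsa")                  # assumed default, as in e-mail DomainKeys
    if ktype != "rsa":
        raise ValueError("unsupported key type: " + ktype)
    if "p" not in tags:
        raise ValueError("record has no p= tag")
    if tags["p"] == "":
        raise ValueError("key revoked (empty p=)")  # assumed, as in e-mail DomainKeys
    # validate=True rejects stray characters instead of silently skipping them
    return ktype, base64.b64decode(tags["p"], validate=True)


# Constructed sample: placeholder DER bytes, not a real public key.
SAMPLE_DER = b"\x30\x03\x02\x01\x05"
SAMPLE_TXT = '"k=rsa\\; p=' + base64.b64encode(SAMPLE_DER).decode() + '"'

if __name__ == "__main__":
    # "klaus" is a constructed user part; selector and domain are from the thread.
    print(domainkey_qname("2005", "sip:klaus@dk.labs.nic.at"))
    print(parse_key_record(SAMPLE_TXT))
```

The returned DER bytes would then be handed to an RSA library for the actual signature check, which this example leaves out.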