Yes and No. Of course the receiver needs to know the public key of the sender to verify the signature. But there is no need to pre-share the public keys, as they are published via DNS. The domain for fetching the public key from DNS consists of the "selector" + "._domainkey" + the domain of the From: URI, e.g.:
dig 2005._domainkey.dk.labs.nic.at TXT
;; ANSWER SECTION:
2005._domainkey.dk.labs.nic.at. 3600 IN TXT "k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxALysT867uZ/ckWZpL6UTKt/7ZLPr1BkWIukU16egelXT8FYagoilfznoU2H LcBQPzwIDAQAB"
regards klaus
Daniel-Constantin Mierla wrote:
Hi Klaus, would this approach require key exchange between the peering domains?
Cheers, Daniel
On 11/28/05 19:44, Klaus Darilion wrote:
Hi!
I've just posted a domainkeys module on the tracker on sourceforge: http://sourceforge.net/tracker/index.php?func=detail&aid=1368417&gro...
This is a "proof-of-concept" and at the moment not a module for real usage. Further, this is something which is not standardized or documented anywhere. It's just an experiment to use the domainkeys technology (invented as anti-SPAM technology for emails) also with SIP.
Following some snippets from the README file.
If you would like to discuss this idea with me, you're welcome.
regards klaus
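The key lookup described in the reply at the top of this thread, as an added example that is not part of the original posts or of the module: it builds the query name from selector and From: domain, parses the TXT record quoted above, and measures the RSA modulus so a verifier can reject undersized keys. The function names and the 1024-bit threshold are assumptions of this example.

```python
import base64

MIN_RSA_BITS = 1024  # assumed policy threshold for this example
# TXT record quoted in the reply above (copied as shown, including the space)
RECORD = ("k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxALysT867uZ/ckWZpL6UTKt/7"
          "ZLPr1BkWIukU16egelXT8FYagoilfznoU2H LcBQPzwIDAQAB")

def key_query_name(selector, from_domain):
    """DNS name of the key: selector + "._domainkey." + From: domain."""
    return f"{selector}._domainkey.{from_domain}".lower()

def parse_key_record(txt):
    """Split 'tag=value; tag=value' into a dict; whitespace in values is dropped."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {name.strip(): "".join(value.split()) for name, value in pairs}

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER content")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(p_value):
    """Bit length of the RSA modulus inside a base64 SubjectPublicKeyInfo."""
    der = base64.b64decode(p_value, validate=True)
    _, spki, _ = read_tlv(der, 0)               # outer SEQUENCE
    _, _, pos = read_tlv(spki, 0)               # AlgorithmIdentifier
    t_bits, bits, _ = read_tlv(spki, pos)       # BIT STRING wrapping the key
    _, rsa_key, _ = read_tlv(bits[1:], 0)       # RSAPublicKey SEQUENCE
    t_int, modulus, _ = read_tlv(rsa_key, 0)    # INTEGER n
    if (t_bits, t_int) != (0x03, 0x02):
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    return int.from_bytes(modulus, "big").bit_length()

def check_record(txt):
    """Return (acceptable, modulus_bits) for one key record."""
    tags = parse_key_record(txt)
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        return (False, 0)
    bits = rsa_modulus_bits(tags["p"])
    return (bits >= MIN_RSA_BITS, bits)
```

Run on the record quoted in the thread, `check_record(RECORD)` reports a 384-bit modulus, which is below the assumed threshold.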