Signing (and Encrypting) Mails with gpg like DKIM

Jakob Bohm jb-gnumlists at wisemo.com
Wed Sep 4 14:33:28 CEST 2024


On 2024-09-01 10:07, Henning Follmann wrote:
>
>> On Sep 1, 2024, at 02:18, Stuart Longland via Gnupg-users <gnupg-users at gnupg.org> wrote:
>>
>> [Re-send with correct from: address… apologies to the moderators for the noise]
>>
>>> On 1/9/24 15:55, Marco Moock via Gnupg-users wrote:
>>> Is there a limit for DNS records?
>> In theory, probably not.  In practice, most definitely, especially if you don't "own" the DNS server.
>>
>>> I don't see a problem here, especially if they are provisioned in an
>>> automatic way.
>> Again, not everyone has that luxury.  There exist many web hosting providers whose only means of updating DNS is a crummy web application. CheaperDomains for example does this, and allows just 4 TXT records.
>>
>> https://community.cloudflare.com/t/dns-record-limit/169997 suggests a limit of 1000 records for CloudFlare for example (and its import instructions limit the zone file to 256KiB).
>> --
>>
> And on top of that you need the unprotected private key for each user.
> That is probably a bad idea.
Not any more than for any other signing.  In particular, only automated
server-side signing would need (somewhat) unprotected key access.
Signing in the MUA as discussed above could protect the key in a GPG
card, but is entirely hypothetical and antithetical to the idea of DKIM.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



