Use of PKIX Certificates in DKIM
VeriSign Inc.
This document describes a mechanism for using X.509v3 certificates that comply with the PKIX profile with Domain Keys Identified Mail (DKIM). An email signer MAY inform potential relying parties that a key described in a DKIM key record has a corresponding PKIX certificate or certificate path by means of an attribute in the key record that provides the URL of the certificate data. An email verifier MAY choose to make use of this information in deciding the disposition of the signed email message.