Dave Crocker wrote:
This is a good point. Perhaps there could be volunteers for a sub-group
to focus on the SSP draft that would initially do the threat assessment
section relevant to what SSP might accomplish while the rest of the
group focuses on DKIM-base.
If you are proposing that work in the group cease on SSP until the
base document is submitted to the standards process (this will come as
a surprise to no one, I'm sure), I think it's a serious mistake.
Well, this is probably a good point to discuss. My original motivation
for writing the note was/is concern about our lack of focus and
difficulty in making progress, so far. Hence my note suggests a
framework/basis for the prioritization that is defined in the draft
Some folks think a group like this can do lots of things at once. My
own experience with IETF groups is that this is only true for
individuals or small sub-sets of the group. The main group, itself,
seems rarely able to consider more than one thing at a time.
Worse, the engineer is each of us usually wanders down into the
specification details far too readily. We have certainly seen that
tendency on this list.
Perhaps divide and conquor is the best approach. I'll volunteer to work
on the SSP group with others who think that's important. One group can
work out what threats DKIM-base deals with and the others what the
addition of DKIM-SSP can deal with. Then we can merge them.
So the question is how we get group to focus well enough to make
concrete progress? At the moment, that means turning out a threat
analysis that the group agrees on.
If DKIM-SSP can't get enough support to get a threat assessment section
written for it, then it probably does deserve to wait.
This would provide a clean break so that if there are incremental
deliveries of documentation to the standards process, then the
incremental threat assessment is already done.
ietf-dkim mailing list