AFAIK, the charter is in the works at the IESG (but I sent
Russ a note checking)
Thanks for the update.
Meanwhile we should continue to work the threats document
which is scheduled for last-call in Feb.
What is still pending on the document?
In the Threat Analysis discussions I have been struck by the difference in
clarity and apparent consensus on the issues that pertain to the core
functions, versus those that pertain to the "policy" functions.
My suspicion is that we will not be able to reach real consensus on the
policy-related issues until we work on the technical parts more, because the
topic is potentially open-ended and certainly has virtually no large-scale
For the basic functions of message-signing, there is an enormous amount of
experience already. Hence what DKIM is trying to do involves rather
specific deviations from well-understood practice.
Whereas, the lack of wide-spread and large-scale experience in
policy-publishing means that the discussion is largely theoretical and risks
debating the full range of "policies" that a sender might wish to publish.
That range is probably close to infinite, so there is a fair chance our
discussion of it will never converge.
All of this suggests that de-coupling the TA for the core functionality,
from that of the policy-related enhancements, will be necessary if we are to
stay on schedule.
ietf-dkim mailing list