----- Original Message -----
From: "Stephen Farrell" <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
Hi Hector,
Hector Santos wrote:
All requirements should be fundamentally based on the following premise:
All policy considerations must|should add and/or help enhance
the security and survivability of the DKIM-BASE protocol.
That's a nice goal, but I suspect a little too far from being
measurable to include as a requirement.
I was thinking about how other requirements could be measured. Is that what
you were thinking?
I'm just winging this, but lets look at some key design implementation
factors:
Complexity
Usability
Middle ware (i.e. List Server)
Security
Surviability
For example, on a scale of Low to High:
Support for exclusive 1st party signature
Complexity? LOW
Usability? MEDIUM
Does it integrate well with MLS? LOW
Does it help with security? HIGH
Does it help with survivability? MEDIUM
Support for 3rd party signatures:
Complexity? MEDIUM
Usability? HIGH
Does it integrate well with MLS? MEDIUM-HIGH
Does it help with security? LOW-MEDIUM
Does it help with survivability? HIGH
Support for Multiple Signatures:
Complexity? HIGH
Usability? HIGH
Does it integrate well with MLS? MEDIUM-HIGH
Does it help with security? LOW
Does it help with survivability? MEDIUM
Support for Hashing Algorithm Policy Attribute:
Complexity? LOW
Usability? HIGH
Does it integrate well with MLS? LOW (not applicable?)
Does it help with security? MEDIUM-HIGH
Does it help with survivability? HIGH
and so on, and yes of course, I am bias and I tilted these off the top of
head values my way. :-)
But anyway, it may be good approach to have a criteria to measure the design
requirements. Using usability or "usage cases" only is too much tilted one
way and IMV, doesn't tell or tends to exclude/hide the whole design
requirement story.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html