On Thu, Feb 12, 2009 at 05:38:34PM -0500, Siegel, Ellen wrote:
"... The Signer MAY choose to use the same namespace for its UAIDs as
users' email addresses, or MAY choose other means of representing its
users. However, the signer SHOULD use the same UAID for each message
intended to be evaluated as being within the same sphere of
responsibility, if it wishes to offer receivers the option of using the
UAID as a finer grained, stable identifier than the SDID."
I believe you're talking about increasing the strength of that SHOULD.
Yes, I suppose I am. But I hadn't realized that SHOULD meant that
identical UAIDs could mean they are not identical.
Hmm. I think a number of us were assuming that it would be obvious
that message using the same UAID were intended to be evaluated as
being within the same sphere of responsibility. That is distinct from
saying that messages within the same sphere of responsibility MUST use
the same UAID.
In other words, I think the intent is that messages using the same
UAID MUST be intended to be evaluated as sharing the same sphere of
responsibility (this is a mandate on the sender's usage, not on the
receiver's interpretation); senders SHOULD thus label messages
intended to be evaluated as being within that sphere with the same
UAID (but aren't required to). I don't think that's a
The question is whether this introduces enough confusion that we need
to either 1) clarify the missing side of the coin, as above and/or 2)
strengthen the existing requirement so that the other part just falls
Nicely put Ellen. Murray, I'm curious what you think now after reading
NOTE WELL: This list operates according to