On Oct 8, 2004, at 12:23 PM, Michael Thomas wrote:
> That said, I've always thought it would be a great idea to
> completely separate out into two distinct tasks:
>
> 1) The 2822 layer encoding of signatures for email
> 2) An identity/service authorization protocol

I like this idea. Perhaps we should break the deliverables up in two
specs along these lines.

> The former is the necessary bits on the wire to make email
> signatures survive through existing infrastructure, and the
> likely compromises that will entail -- very SMTP
> specific. The latter is a much more general proposition as
> this authorization function may well be used by other
> services: there's already questioning on the SIP list, fwiw,
> about whether a similar anti-forgery scheme would be
> relevant for them.

Not that I have anything against SIP, but we shouldn't turn this
working group into solving the problems of the world. How about aiming
to make it generally useful for other applications but with a primary
focus on email?