Hallam-Baker, Phillip wrote (in response to Dave Crocker):
1. The existing DKIM specification does not provide an
"interface" to a reputation system. Hence a working group effort to define one
is entirely open-ended. The fact that it has not been a focus of IETF
discussions means that there is little basis for assessing the nature of the
output or, for that matter, the likelihood of success.
Rubbish.
The interface to X509 is almost entirely constrained.
You are pre-judging this issue according to your own prejudices here. I
note that in the MARID effort you argued strenuously to keep reputation
mechanisms out of scope then introduced one to the group yourself.
What happened in MARID is a moot point. Are you concerned that this
will happen again?
2. To be productive, a working group needs to have careful
focus.
It also needs to deliver a useful product. Far more IETF groups founder
because the problem is underscoped than because the scope is too broad.
This seems to be the central point: Is signature-based message
authentication by itself a useful product?
My own opinion is that it is, especially when coupled with a sender
signing policy. I completely agree that reputation and/or accreditation
add significant value once you have something trustable (e.g.,
a signature address) on which to base it, but I feel the problem (and
charter) needs to be subdivided. We have already seen that there is a
significant number of issues to resolve with signatures and signing
policies, and discussion on additional topics runs the risk of
overwhelming everyone.
Phill, can you clarify: are you advocating the addition of interfaces
to accreditation mechanisms, reputation systems, or both?
If the interface that is desired is to define or reserve a tag for
future use by accreditation or reputation systems, I think we can do
that within the current charter. Just as long as we don't get wrapped
around the definition and use of the tag. There is already at least one
thing that is defined for potential future use: the s= (service type)
tag in the key record.
To repeat: so far, no such constituency
has been evident.
That there is a constituency is very evident; the only debate here is
over the size of the constituency.
I see three paths here:
1. Continue with the charter as currently written, and amend it at a
later time to bring in additional scope.
2. Amend the charter to add additional scope.
3. Create a separate group to address the accreditation/reputation problem.
Can we have more discussion on the sufficiency of message signatures by
themselves to do something useful?
Since it is clear that you are not even-handed in this matter I want to
put it on record that:
* I disagree with the charter on this point
* I do not have confidence in you as a WG chair.
I'm not sure why this needs to be on the record, and it certainly
doesn't contribute in a positive way to the decision at hand.
-Jim