Hi, folks. Russ and I finally got a chance to briefly discuss MASS
this morning and I volunteered to write up some points from that
discussion.
There's been a lot of discussion of specific technical issues. I'd
wonder whether perhaps we've lost focus on what the BOF is trying to
accomplish and are getting bogged down in specific details of DKIM.
I'd like to recommend that participants in this list may want to make
sure that they have covered all the issues the BOF will need to cover
in order to be successful before focusing discussion on specific
technical details. Russ and I have identified some things we believe
the BOF needs to accomplish.
1) DKIM is a security technology. That means it is a tool for solving
some particular security problem. We need a clear definition of
the threat that DKIM and the MASS problem space are attempting to
address. That definition is needed for us to determine if DKIM
actually does what it claims to do at a security level. Russ and
I will not sponsor a working group unless this question is clearly
answered.
2) The BOF needs to show there is a consensus in favor of a MASS
solution based on DKIM. Showing that people are interested in
MASS cannot be used to justify this. You need to show there are
people who are interested in DKIM specifically.
3) You need to address concerns about how MASS might negatively impact
the mail architecture, business models of ISPs or otherwise is a
reason the IETF may not want to standardize DKIM. In other words
it is not enough to show that there is a consensus in favor of
DKIM, you also need to show there is no consensus against DKIM for
some particular reason.
4) You need to get enough agreement on a charter that you can achieve
achieve consensus on a charter during the WG creation process.
--Sam