On Tue, 16 Mar 1999, Charles Lindsey wrote:
There is a strongly perceived need within the Usenet-Format group for
a reliable method for the digital signing of headers. It would, on the
face of it, be foolish to devise a mechanism applicable to news that
would not work also for email, even though that does indeed make the
mechanism more complex.
IMHO, there should be two different schemes for NNTP and SMTP messages,
because the reason for signing the header is different.
For instance, we must be able to put multiple signatures on a usenet
message (one from the author, another from the administrator of the server
used for posting the article, and another for the moderator) because this
signing will be used mainly for cancelling an article. As one does not
usually cancel a mail message, this is not required for mail.
For mail applications, I don't see the point in signing the headers, as
long as the body is signed. But I may have missed a point, since I don't
follow the ietf-822 discussions.
And even though there may not be such a strong requirement for this
facility in email, one can imagine some applications that would find it
useful.
The draft that I have prepared therefore tries to solve the problem in
both environments. However, before we get too bogged down in the details
of what I am proposing, I suggest we first establish the proper forum
for this discussion, and the form that it should take. For this, I need
some advice from the various IETF gurus on these lists.
1. In the first place, should I aim it at a Draft Standard, or at an
Experimental Protocol? Note that we shall eventually want to refer to it
in the final USEFOR document, which is certainly supposed to be on the
Standards Track, but it might still be useful (and quicker) to have an
Experimental Protocol before then.
Here is also a difference, the need is urgent for usenet (because of the
ongoing cancel wars and other unauthenticated spam) but less urgent for
mail, as mail servers around the globe are becoming less prone to spam
propagation.
3. In the slightly longer term (and especially if it is to become a
Draft Standard in due course) do I need to apply to the IETF to have a
proper working group set up? That seems perhaps a slight overkill, so
would formal discussion on these two lists in parallel be in order even
in the longer term?
I find that having a single mailing list for "message format" is a good
idea.
4. And finally, please do not tear into the nitty gritty and the
details just yet. Let us discuss the overall principles first, and the
mechanisms. Clearly, there is much detail to be sorted out eventually,
but first things first.
agreed.
Regards,
--
Opinions expressed above are mine, they have not to be taken as a
skynet official position.
/Jean-Francois "Jef" Stenuit | BELGACOM-Skynet NV/SA | Solaris 2.x, \
\Network operations manager | 124, Rue Col. Bourg | Linux, NT, /
/Phone (32)(2) 706-1311 | B-1140 Brussels | Cisco \
\Fax (32)(2) 706-1312 | Belgium | expert ... /
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<