[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Dave Crocker
another thread there is absolutely no doubt that the group
can finish
the spec, there are FOUR precedents for standards work in
this area,
all of them delivered specifications. DKIM is considerably less
ambitious than any of the other attempts.
In the interest of timely accuracy:
As of this morning, the number is five.
There are five DKIM implementations
What I was referring to was the fact that DKIM is the fifth
specification the IETF has worked on that is intended to sign email.
PEM, MOSS, S/MIME, PGP all completed their work, all delivered a spec
that achieved the original goals and all produced a reasonably competent
first draft a reasonable time after the group started.
They did not, however, all produce a timely final result. PEM in particular
took much too long, so long that by the time it was done the email service
it was intended to protect had changed in ways PEM had trouble dealing with.
I will also add that there were implementations of all of these specifications,
in most cases done in parallel with the specifications themselves. And as you
noted elsewhere, two of these have been widely deployed in various clients. But
none of them have seen widespread use.
The security area has never had a big problem delivering a spec that
functions as advertised. The problem has been with specs that don't
solve the real problems faced by the users.
Speaking as one of the coauthors of MOSS, I regret to say you're quite correct
in this assessment.
Ned
_______________________________________________
ietf-dkim mailing list
<http://dkim.org>