On Aug 24, 2005, at 11:14 AM, Scott Kitterman wrote:
What you are asking is what won't SSP accomplish. It's difficult
to answer those questions before the design work is done. So lets
quick arguing about if it should be done. Get it done and see what
it buys us.
Before setting out on change, establish realistic expectations.
Currently your conversations should be related to that goal. What
will domain-wide assertions accomplish? What threats will this
address? There are a few areas where domain-wide assertions relating
to use of a protocol could be beneficial, such as when detecting
unauthorized servers. Beyond the immediate domain and server, things
are rather murky.
Spend some effort explaining what you envision.
Provide realistic assessments of what it can accomplish with respect
to current problems.
Play devil's advocate with what new risks could be created.
When you say get 'it' done. I can only guess what you mean. Hardly
a basis for a charter. : )
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org