ietf-dkim

Re: [ietf-dkim] Charter bashing...

2005-10-12 12:54:09

On Oct 12, 2005, at 11:51 AM, Michael Thomas wrote:

> The other part of this that I admit to being confused by is in what
> capacity Stephen is speaking -- bof chair, or just a contributor like
> any of the rest of us. The charter Barry sent out was discussed at
> length on the list and didn't seem especially contentious either on
> the list or at the Paris bof -- the main contention was the lack of a
> threats draft. Nor do I recall any pushback about the charter from
> our AD's (?). So I'm not sure what a wholesale rewrite at this point
> is actually attempting to accomplish. Are we really at risk of going
> off into the weeds at this point if we don't revisit every point of
> consensus we've accomplished in the last year or so?

There was a great deal of contention regarding what DKIM was attempting to achieve at the Paris BOF. Nor does the current charter reduce this confusion. There are aspects within this charter that remain misleading, such as suggesting the mechanism is to solve header forgery. Indeed the signature header is protected, and the content of selected headers and (a portion of) the message content can be verified as unaltered since the signing-domain had been associated with the message via the signature. Trusting the content of the message, including headers, still requires trusting the signing-domain. It would create less confusion by stating this clearly.

Related to establishing the trust of the signing-domain, abatement of replay abuse should be considered an aspect of the task at hand. In addition, there should be some consideration made regarding how to respond to a DoS attack when basing acceptance based upon a domain name. These aspects have been neglected within the current charter as well. Whether these are to be handled by this WG or by a different WG working toward a mutual goal could be considered, but these issues should be reviewed within the threat analysis at least, and be considered as possible aspects of the WG charter. Hopefully, part of the charted task would be determining reasonable responses to significant threats.

-Doug




_______________________________________________
ietf-dkim mailing list
http://dkim.org