ietf-dkim

Re: [ietf-dkim] Structure of the threat analysis...

2005-10-17 04:05:22

Jim,

Good stuff. We can discuss the pros & cons of the putative new structure
in Vancouver.

Possibly. I'd prefer to see all the threat analysis in one document or
at least all we can do before the protocol is finalised, which in this
case is a lot.

I see that the draft charter has WG last call for the threat analysis in 2/06, and for the base and SSP specifications in 05/06 and 09/06 respectively. Will it be possible to complete the threat analysis of DKIM itself while the specifications are not finalized?

If the threat analysis document is to include the security requirements
that the base & ssp protocols are to meet, (as per the latest charter
text) then those requirements have to be written down first.

And since we're also minimising changes to the extent possible
(consistent with security requirements), I'd say that yes we can
usefully carry out the threat analysis documents according to that
timeframe.

There may or may not be sufficient reason/energy to revise the threat
analysis after the dotting of the last 'i' in the other specs. I
probably wouldn't suggest adding a milestone for that though, since
hopefully we won't need it, and practically there's not often the
energy/interest in that kind of revision of an informational rfc at
that stage.

If the base/ssp specs do have to deviate from the security requirements
posited in the threat analysis then that'll have to be justified in
those documents themselves.

Cheers,
Stephen.

_______________________________________________
ietf-dkim mailing list
http://dkim.org