Jim Fenton wrote:
Stephen Farrell wrote:
Ned Freed wrote:
This basically seems OK to me. I do question whether the threat analysis
document (which I guess we're calling the threat summary now) is the
right
place for this, however. And even if it ends up being the right
place, do we
really want to mandate the eventual location in the charter?
I had a similar thought, but there's also the timing issue, the folks
who wanted this done also wanted it early in the process. Otherwise,
I agree that that kind of text seems more at hime in the overview
deliverable, and it is a bit of a detail in the charter, but its
easier this way overall I think.
I question whether the threat summary/analysis document is the place
that this issue will get the proper attention by those contemplating and
implementing DKIM. I think the other places that have been suggested
(Security Considerations for one of the specifications, or some sort of
Implementers' Guide BCP) provide more visibility for this, as I think
it's an important point to make. Having issues be visible in the right
places is more important than whether we do it early in the process, IMO.
I do agree, but it may be a price worth paying. In any case, if
the threat analysis contained an initial cut at this and some
later document did the job better, that'd be ok too, even if
sightly inefficient. As someone else implied, the threat analysis
won't be historically very interesting but is critical in terms
of getting the process done & so we produce a good result.
Do you think Hector's table is a good start? Seems to me like
it might be.
But, we can try talk to the requirees (is there a word for that?
if so I bet that's not it:-) again and see if they'd accept the
push-back. Be next week though.
Stephen.
_______________________________________________
ietf-dkim mailing list
http://dkim.org