ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] [Fwd: I-D ACTION:draft-fenton-dkim-threats-02.txt]

2006-01-09 11:55:29
from [Stephen Farrell] [Permanent Link] 

Doug,

Douglas Otis wrote:


On Jan 9, 2006, at 12:19 AM, Stephen Farrell wrote:



Unless there's a very strong consensus in that direction, I'd
really rather not deviate from the charter before its even been
posted on the IETF web site.

Let's try to work the current draft so that its in shape for a
wg last-call by the end of next month.
In that case, there could be greater clarity provided in the threat draft by creating separate sections splitting out threats and purported benefits related to mechanisms that extend the base DKIM signature. 

[...list deleted...]
In several places within the current draft, declarations of benefits assume a particular extension, SSP. The benefits, related limitations, caveats, and extension specific threats should be placed into separate sections. The list of _possible_ extensions should not be limited to just that currently defined in SSP. 

While I'm not sure I agree with your list (its too long for a start), I
do think that the less that the threats document assumes about ssp, the
better it'll be. So structuring it so as to be vague in respect of ssp
may be the right thing to do.

I also agree that the list of possible extensions should not be limited
so ssp-only, but I do not agree (if you're saying so) that the document
has to treat each potential extension equally.

I think the wg should guide the author on the level of detail, and
there are clearly more than a couple of folks who consider that
something-like-ssp is a fairly criticial extension (yes, I know there
is at least one who thinks the exact opposite:-), and something-like-ssp
was part of the BoF and is part of the charter so it won't go away just
now.

But before anyone starts drafting other extensions, I'd expect that any
other extension proposed would have to fit with the charter and be
addressed in sequence (i.e. earliest after the base is done) and needs
significant enough buy-in from the wg generally. If, for example, you
were to continue to develop your opaque-id ideas outside the wg and
then bring a more mature draft back to the wg after wg-last-call on
the base draft, then you might well get a much better reception than
if you tried to get that work done here and now. (Or maybe not, I
don't know.)

Stephen.


_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] [Fwd: I-D ACTION:draft-fenton-dkim-threats-02.txt], Douglas Otis
Next by Date:  Re: [ietf-dkim] [Fwd: I-D ACTION:draft-fenton-dkim-threats-02.txt], Stephen Farrell
Previous by Thread:  Re: [ietf-dkim] [Fwd: I-D ACTION:draft-fenton-dkim-threats-02.txt], Douglas Otis
Next by Thread:  Re: [ietf-dkim] [Fwd: I-D ACTION:draft-fenton-dkim-threats-02.txt], Douglas Otis
Indexes:  [Date] [Thread] [Top] [All Lists]