----- Original Message -----
From: "Stephen Farrell" <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
Note - I don't think we should get into solutions in the threats
draft, though the considerations from Tony's mail should come back
up for discussion later.
Unbelievable. :-) The TA is full of functional recommendations. In all
honesty I am no longer sure what hat I should be wearing here. It might
surprise you that I'm less concern about specific "how to" but rather
risk management and the decision making process for this proposed
protocol. This is about extracting all the information that is possible
from protocol protocols as well understanding all the options in order
to have well informed hierarchic design decisions that survive the test
of time.
It should be noted, Tony's input has already been discussed in quite
detail - the suggestion about minimizing DNS lookups by coupling the DNS
key record with SSP attribute information. But these are specific
implementation details.
The general problem is first party policies vs. 3rd party signers making
possible fraudulent policy declaration for the first party. So you can't
do what Tony suggested as an specific optimizing solution.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
ietf-dkim mailing list
http://dkim.org