Re: [ietf-dkim] Splitting the DKIM base doc

Barry Leiba wrote:
> I think the work of splitting it will be small, and won't affect the 
> schedule,

Given what Eric said he planned to do, with respect to the base document's 
discussion and reference to the key service, I agree.
If I understood correctly the change he is planning will a) contain only and 
exactly what is essential to specify the base document's functional requirement, 
and therefore b) de-couple a key service specification from the critical path of 
the base document.
Here is a revision to the architecture diagram that went into the threats 
document. It attempts to identify the standardized components and their inputs 
and output.  I think it is sufficient for the current discussion, to decide 
which parts need to be in separate documents.
For reducing dependencies in the critical path, a specification of interface 
parameters, rather than for a specific document, ought to suffice.
The diagram is still quite rough and I suspect it contains errors.  So, please 
send me corrections and enhancement.


                                           |
                                           | - RFC2822 Message
                                           V
                         +=======================================+
                         |      ORIGINATING OR RELAYING ADMD     |
                         |                                       |
   ......................+  Canonicalize  (Header, Body, c-alg)  |
   .         ............+  Hash (c-Header, c-Body, h-alg)       |
   .         .        ...+  Sign (h-Header, h-body,              |
   .         .        .  |       Domain, Selector, Priv-Key)     |
   .         .        .  |                                       |
   .         .        .  +=================+=====================+
   .         .        V                    | - Message
   .         .   +------------------+      |   (Domain, Selector, Key)
   .         .   | Canonicalization |      |
   .         .   |    Algorithm     |      |
   .         .   +----+-------------+      |
   .         V        .                    |
   .  +-----------+   .                    |
   .  |   Hash    |   .                    |
   .  | Algorithm |   .                [Internet]
   .  +------+----+   .                    |
   V         .        .                    |
+---------+  .        .                    |
|   Key   |  .        .                    |
| Service |  .        .                    |
+--+------+  .        .                    |
   .         .        .                    V
   .         .        .  +=======================================+
   .         .        .  |      RELAYING OR DELIVERING ADMD      |
   .         .        .  |                                       |
   .         .        ..>|  Canonicalize (Header, Body, c-alg)   |
   .         ...........>|  Hash (c-Header, c-Body, h-alg)       |
   .....................>|  Verify (h-Header, h-body,            |
                         |          Domain, Selector, Pub-Key)   |
                         |                                       |
                         +=======================================+
                                           |  - Verified Domain
                                           V  - [Report]
+-----------+            +=======================================+
|  Signer   |            |                                       |
| Practises +...........>|         Signer Evaluation             |
|  Query    |            |                                       |
+-----------+            +=======================================+


--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html