At 5:46 AM -0700 6/25/06, Douglas Otis wrote:

> This next I-D offers a much simpler
> solution from the prior suggestion.

No, it doesn't; it is more complex.

> Full upgrade of SMTP will
> require years. How does this provision accommodate this possible need?

Making absurd statements does not make the WG want to revisit the
problem. There is no need to "upgrade SMTP" in the case of an
algorithm transition for some DKIM implementations.

> This is a security related work group.

Exactly. In a security working group, there needs to be a consensus
about the threat model for the use case of the protocol. This WG has
agreed on the threat model, and has designed the protocol around that
threat model. No analysis of the protocol has shown that the proposed
protocol does not match the agreed-to threat model.

The fact that one person disagrees with the agreed-to threat model,
and repeatedly tries to get people interested in his threat model, is
bothersome but irrelevant.

It is also worth noting that this part of the threat model (algorithm
transition) agreed to by this working group is the same as the threat
model used in other IETF security protocols.

> Am I right about the possible problem ahead with a transition?

It is not a question of right or wrong; it is a question of perceived
threats. Yours differs from the rest of the working group, and from
those of the people who designed most (all?) other significant
security protocols.