On Monday 07 August 2006 03:10, Hector Santos wrote:
----- Original Message -----
From: "Mark Delany" <MarkD+dkim(_at_)yahoo-inc(_dot_)com>
It obvious that there are two relatively strong viewpoints: one the
passive that Dave describes and one the active that, amongst others, I
describe.
...
Do we try and accommodate both? If so, how?
In my opinion, and I had asked the chair a week or so to consider this
approach:
I also proposed a straw vote on the fundamental question:
Do you believe there are security problems
directly or indirectly related to DKIM-BASE that are worth
solving or addressing using a Sender Signer Policy concept?
If we can't get this one clear, then you are right, there is essentially no
hope in solving this. If the censensus is such the answer is NO, then we
punt on SSP, WG is basically done.
If the answer is YES, then we need to itemized the security problems we
need to address related to DKIM-BASE signatures or lack thereof. Once this
secury list is established, then we can come up with policy declarations
that help address them.
But there is no need to do anything else of the consensus there is no
security problems with DKIM-BASE.
I would describe it differently. It's not that base has security problems,
it's that it fails to accomplish anything with significant utility.
We'll see how much utility we can get out of SSP, but absent some additional
functionality (be it SSP or non-standardized reputation systems) base doesn't
get you much in my opinion, but...
This is all rehash of the discussion we had about the charter before the WG
was formed. In my view the SSP/no SSP decision was made. Now the challenge
is to see what we can make of it.
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html