Douglas Otis wrote:
On Feb 1, 2008, at 3:18 PM, Hector Santos wrote:
Douglas Otis wrote:
This draft goes to the opposite extreme of the ASP draft and
increases the restrictions for "all" compliance as well. This draft
indicates _ALL_ messages are to include a signature with an i=
parameter matches that of an identity within the From header. This
is not the defined use for RFC 4871.
The ASP approach creates fewer corner cases. At least with the ASP
draft, any risk of misuse remains within the control of a domain to
rectify.
IMHO, unless the SSP draft is changed to comply with RFC 4871, the WG
should consider adopting the ASP draft instead.
First, I don't agree that SSP did not comply with RFC 4871.
No. RFC 4871 does not comply with SSP.
Second, I for one am tired of this stuff going on in this WG.
For all intent and purposes this ASP Adaptation is essentially the
same document, the same copy of SSP with essentially the term
Originator changed to Author.
I strongly disagree. Please review the differences.
Per ASP:
2.8. Author Signature
An "Author Signature" is any Valid Signature where the *signing domain*
(listed in the "i=" tag if present, otherwise its default value,
consisting of the value of the "d=" tag) matches the domain of an
Author Address.
Per SSP:
2.8. Author Signature
An "Author Signature" is any Valid Signature where the *identity* of
the user or agent on behalf of which the message is signed (listed in
the "i=" tag or its default value from the "d=" tag) matches an
Author Address in the message.
IMHO, ASP is a far better definition and does not impose changes with
respect to how RFC 4871 might be used.
So just a rephrasing of a sentence makes this a different a new and
competing and better PROTOCOL? You got to be kidding me. No wonder we
are not going to get anything done around here - at least not something
that can only be cherished by a limited group.
It is basically all the same text just reworded. ASP is not different
enough to view it as a alternative protocol - it is still SSP with
SEMANTICS changes.
And for the matter, SSP-02 is ASP and ASP is SSP-02. The question is
who gets credit for the now flawed and watered down draft.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html