Jim,
Actually, I don't find "authorization" all that interesting.
Necessary, perhaps, but not interesting.
What is interesting is whether a gross violator can be properly
penalized. That's different than saying that someone gave the
permission (authorization) before they screwed up.
JF> "Interesting", I presume, refers to how effective this mechanism is against
spam.
yeah, that probably summarizes it. anything that has a primary, desired
effect, against spam or anything that is... interesting.
JF> But there are other problems we could be solving as well, such as to aid
enforcement of
JF> audit mechanisms at financial institutions (if the message is signed, it
got archived for
JF> the regulators).
In my experience, there needs to be a very, very big separation between
the work done for the primary goal and the benefits that might accrue
from it for other situations. It's not that the other situations are
not important or that having a mechanism work for multiple situations is
not a good thing.
JF> That isn't as urgent a problem to solve as spam/phishing to most of us,
JF> but it's a side benefit.
I think your wording is exactly right.
Paying attention to too many immediate goals usually dilutes the work,
typically producing cumbersome solutions and usually taking longer to
get out the door.
However, I LIKE having those derivative benefits around for follow-on
work, since that tends to produce designs with practical extensibility.
But "follow-on" is very different than "part of the initial solution"
I can ramble on about this point more, if I'm not making enough sense,
but it sounds as if we are in agreement about priorities.
d/
--
Dave Crocker <dcrocker-at-brandenburg-dot-com>
Brandenburg InternetWorking <www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>