Thanks for the comments.
I think we should make it clear in the charter which problem we are
solving, the authenticating the channel, or the message (or both).
That was the intent of:
The MASS working group will produce
specifications that support transfer-related, encryption-based
authentication of an email message and its contents.
"encryption based message contents authentication" seemed pretty clear to me.
Can you suggest some different text that would work better?
There
is also the question of scope and policy, i.e. how much we take on with
issues such as indicating whether or not an entity signs all messages,
for instance.
That would be outside of the scope of work, per this draft. The draft is for
defining a particular mechanism, not for dealing with the policies of its use
or
for defining mechanisms to communicate that policy.
Perhaps that exclusion should be added to the 'out of scope' section of the
charter?
I also think we should deal with the IPR issue up front in the charter -
interoperability should be the driving point, so any solution should be
acceptable to open source licenses, IMO.
I do not know what you mean "deal with". The IETF already has extensive
material that covers IPR issues. Beyond that, we have very limited control
over
people's actual behavior.
d/
--
Dave Crocker <mailto:dcrocker-at-brandenburg-dot-com>
Brandenburg InternetWorking <http://brandenburg.com>