Hi,
On Sun, 3 Oct 2004, James M Galvin wrote:
On Sat, 2 Oct 2004, John Levine wrote:
As I've said before, I think that Dave's proposed charter is specific
enough, and we should start looking at the merits and weaknesses of
the proposals.
I can not support the charter as long as it allows this group to create
a new email signature protocol.
If I'm alone or even a minority in that view, ship it to the IESG. I'll
make my comments again during "Last Call."
If others agree with me now would be a good time to speak up.
I too have yet to hear a cogent explaination why S/MIME with appropriate
header information included under the signature would not handle this
problem. If I'm beating a dead horse, plz let me know where this
thrashing has been archived (I acknowledge that I'm new to this list).
Why not tunnel the e-mail message body and its "origin" e-mail header
info into a S/MIME payload, sign it, then add a new outer tunnel e-mail
header in front of that payload, and then e-mail it? The inner e-mail
header remains separate from the outer header and therefore unmangled
while in transit.
IMHO, the sword on which every MASS proposal will fall and die is the
certificate management problem. MASS is not that different from the other
security standards, like IPsec or end-to-end S/MIME, that depend on
verifiable trust relationships. Taken to a global scale, that is an
expensive PKI to deploy and operate. Are ISP ready to incur that
operational expense to put a lid on spam related operational expense? I'd
like to think so, but....
The MASS charter would do well to primarily focus on making global e-mail
trust relationships "cheap" to operate and deploy, rather than spawn yet
another e-mail signature syntax scheme.
br,
George
Jim