ietf-mailsig

What does the mailsig mechanism mean?

2004-10-29 11:54:59

O.K. While I have my opinions about the merits and flaws of several of
the proposals I will continue to withhold them for now for one main
reason. I am still not sure what goal they should be evaluated against.
At least two substantially different interpretations of what these
solutions should be attempting to do have been put forward, both of
which are valuable things to attempt, but which cause significantly
different interpretations of the drafts. To restate fairly simply the
goals I think have been suggested:

1) As suggested by Dave Crocker both in his initial draft charter and in
the recent discussion about mailing lists

"   The purpose of the mailsig mechanism is:

                Provide an assertion of message transit origination 
                accountability that can be validated.  "

2) As I suggested a few times earlier
   The purpose of the mailsig mechanism is to
      Provide an assertion that the domain of the message author
      (2822.From) authorized the sending of a specific message.

Some other questions that similarly impact the evaluation of the various
proposals as well as the language of the charter:

1) Is this result of mailsig validation intended to be displayed to
MUAs? If so, to existing MUAs or only to new MUAs designed to understand
the results?

2) Alternately, is it a goal that the mailsig mechanism be transparent to
the existing email infrastructure?

3) How high a priority is it to be able to reject email based on a failed
signature validation?

While I am not sure one position or another should really be considered
a requirement of the solutions I would be interested to know at least at
a very high level what criteria other people are using when evaluating
the proposals. Similarly I would be interested to know from the authors
of the various proposals how/if these map to your goals when writing the
spec?


Thanks,
Robert


