Folks,
by signing a piece of mail, the signer is claiming some
responsibility (what responsibility is defined by the contents of
the signature block), and in order to keep your reputation you
better be careful about what you sign for.
Although the latest round of discussion has not appeared to be all
that productive, I think it has helped me to focus on some
meta-issues.
My sense is that there are underlying differences in assumptions about
the nature and purpose of a mailsig signature, and that these
differences are what is causing our differences in preferred
solutions.
In order to get a consensus effort on a specification, we need to
clarify and resolve those differences.
So, I think we need to try to get very explicit agreement about the
underpinnings for the mailsig work. For every question, below, we
need to formulate extremely precise statements, so as to exclude any
ambiguities or redundancies:
1. Who is supposed to do the signing? That is, what is the "nature"
of the entity doing the signing?
2. What does their signature mean? What "encumbrance" or obligation
does the signatory take on, by doing the signing?
3. What is the intended purpose of the signature? What does it
prove and to whom? How is it supposed to be used?
4. What is the intended lifetime for a singature? For how long is
it supposed to be valid?
d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
www.brandenburg.com