ned(_dot_)freed(_at_)mrochek(_dot_)com wrote:
ned(_dot_)freed(_at_)mrochek(_dot_)com writes:
> Instead, we're engaged in the
> time-honored IETF practice of letting the unattainable best be the mortal
enemy
> of the good enough.
Please explain. What is "good enough"?
There are numerous examples. To pick one of the more recent: The unattainable
goal was to define a whole-message signature scheme that can be used end to
end, where the middle includes things like mailing list processors. Good enough
is to instead specify a scheme that works for "long hops" but is not intended
(and in fact explicitly excludes) end to end use.
There's some ambiguity in the statement "can be used end to end". One
way to read this is "is capable of being used end to end". Another
reading is "may work end-to-end [in some situations]". Some people seem
to be interpreting the former as what we're trying to accomplish, when
it's actually the latter.
Sure, any entity modifying a message SHOULD re-sign it. But I don't see
any reason to explicitly exclude end to end use, if all the
intermediaries (and even re-originators, like mailing lists) happen to
be "nice" to the message. Or is it that the "good enough" solution you
have in mind explicitly excludes end to end use?
-Jim