On Tue, 2005-02-15 at 10:36 -0800, Dave Crocker wrote:
http://www.ietf.org/internet-drafts/draft-housley-mass-sec-review-00.txt
I'm thinking that an RFC discussing the technical, administrative, and
operational trade-offs would be useful. I'd be glad to participate in
creating it, but am not quite feeling up to taking the lead.
There are security risks not addressed by this MASS review. In
addition, there are solutions for concerns that were addressed by this
review. These solutions should be seen as minor modifications to either
of the prevalent signature proposals. Unfortunately, email related
crime provides incentives to exploit weakness within mail and network
systems. Potential impacts upon security, the response, and the
consumer should be within the scope of this review.
I would like to see a draft regarding this topic, and would be willing
to take the lead, if no one else is motivated.
-Doug