As a basic point of principle here, I care about there being one common
spec here more than anything else, including whether the spec actually
works.
We are engineers, if the spec is broken we can and we will fix it. If
the market mindshare is broken as it was with S/MIME vs. PGP I do not
know how to fix it.
I don't care whether we could fix S/MIME for this purpose, we could
never fix the mindshare, we could never get past the problem that S/MIME
has market deployment (>95%) and PGP has mindshate (>95%).
Fix the market, that is the hard part.
Besides which I will never pass up a chance to do a spec over ten years
later if it appears. If we have learnt nothing and forgotten nothing as
a result of the first ten years of commercial PKI then we do not deserve
to succeed.
I believe that DKIM signature infrastructure provides a powerful
starting point for a comprehensive cryptographic security scheme for
email. Use S/MIME and PGP as message encryption formats. Support domain
level security as well as end to end security. Allow people to go beyond
the limited end-to-end TRANSPORT security model to whole document
lifecycle security via content management.
-----Original Message-----
From: owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of
william(at)elan.net
Sent: Thursday, June 02, 2005 3:23 PM
To: Edward Shallow
Cc: 'Hector Santos'; 'Andrew Newton'; 'IETF MASS WG'
Subject: RE: Yahoo!'s DomainKeys and Cisco's IIM have merged
On Thu, 2 Jun 2005, Edward Shallow wrote:
How do the proponents of the META Signatures proposal feel on this
announcement ? William ?
1. We all knew they were working on merger since beginning of the year
(some of us knew even before that), nothing has seriously
changed as
details are still not available and only promises.
2. If what I fear about features that went into merged
solution are true,
I doubt I'd support it. Again details are what is important.
3. I've actually done quite a bit more of private research
and had been
working entire last month on things related to
signatures, identities,
email authorization, syntax & needed features. Paper about this is
already written, it directly relates to both MARID and
MASS and what I
propose will probably be quite interesting for all to read.
As part of that research, I ended up working more on META
Signatures
and right now finishing 0.21 doc (probably will be done
this week, time
permitting). It became a lot more like framework (i.e.
like x.509 but
in very short text form in header) with quite nice syntax
and features.
But based on what I hear the group is not interested in
header signature
framework, too bad...
But its quite possible that we'll find that needs of
email messaging
change or some other message protocol needs it, so you
should expect
that at the very least it'll all end up being documented
as ID so IETF
could use it if it decides to and current syntax looks
really nice too
(no more ugliness of separate META-Signature and
META-Auth, everything
fits well together). You should also assume that I'll
pursue EDigest
towards standardization separately no matter what although if not
done within WG it may take quite some time considering
how ietf works
(but I'll try to get started sooner and get Edigest into
ID this month)
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net