[mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Andrew
Newton
On Jul 20, 2005, at 8:55 PM, Arvel Hathcock wrote:
The working group will NOT consider related topics,
such as reputation and accreditation systems, and
message encryption. The working group may however
address issues arising from interoperation with already deployed
protocols that address these issues.
I at least would like to fully understand why this shouldn't be
part of the charter. It sounds perfectly reasonable to me.
I think what Dave is trying to say is that defining the
protocols and/
or features for reputation and accreditation systems is out
of scope,
but that working on things in the DKIM protocol that interact with
existing reputation and accreditation systems is not out of scope.
That is certainly my intention. It may also be Dave's intention but that
is not clear from his version of the charter.
I understand that people believe that doing accreditation and reputation
right is hard. I agree, that is what we have built a business on. We
certainly do not want to reinvent PKIX or SAML in the working group.
But we certainly want the interface to be defined. Authentication alone
only addresses a very limited set of issues. Authentication plus
assertions about the subject allows for a much more comprehensive and
useful solution.
Given that PKIX is an IETF working group in the same security area I
think it is a difficult argument to make that there should be no defined
interface.