On Jul 25, 2005, at 7:56 AM, Michael Thomas wrote:
> That said, I favor the crispness of the current charter/spec:
> specs in this area have an almost perfect track record of
> flopping in large part, IMO, due to their being unintelligibly
> complex. Even the "simplicity" of the current spec brings up
> deep and hard questions. Combinatorics is the enemy.

Ensuring deployment success seems a vital concern. Just those issues
will comprise a considerable amount of time. Initially keeping the
diversity of the basics constrained, such as where the key is
obtained, does not prevent those wishing to investigate and
experiment with alternative schemes. The simple tag/value syntax
does not preclude such alternatives in the future. DomainKeys has
already demonstrated the viability of the DNS approach. If there is
success and a desire for such alternatives, subsequent changes can be
made. However, it seems wrong to widen the scope of the charter to
encompass more than the initial step being considered in this process.

Earl Hood wrote:
> Wrt DKIM, the trust component is established via DNS. The signature
> verifier trusts that the records it achieves from a DNS query are the
> records owned by the domain being queried. The trust solely relies
> on the reliability and security of the DNS transport protocol.
> For some, this may be sufficient, but for others, this is definitely
> not sufficient. Because of security risks associated with DNS (along
> with some of the key management aspects of it) others, including
> myself, would definitely like to see hooks in DKIM to allow for
> other PKI systems, systems that provide more robust trust models.

S/MIME has this feature already, and enjoys wide client deployment.
It lacks any significant use. S/MIME or secure documents may become
an alternative for such minor needs requiring higher security often
related to the author of the document. How this high security
problem is solved is really independent of an effort attempting to
scale for the wide use of an authentication scheme suitable for the
exchange of email. Here I tend to agree with Mike.
-Doug