On Jul 27, 2005, at 4:47 PM, Arvel Hathcock wrote:
Leaving aside the issue as to whether XKMS is qualified to serve as
a key-fetching mechanism for the moment, what does the group think
about Phillips basic assertions:
(A) It is critical-path that we define at least one other value in
order to prove that it is, in fact, possible to do so.
I read the security review by Russell Housley. The concerns raised
were regarding a means to adopt future changes to the signature
algorithm, and to properly define the current algorithm within the
draft.
The assessment was that either IIM or DomainKeys were justified by
their relative simplicity. I saw nothing to suggest that these two
approaches should adopt the complexity found in S/MIME or OpenPGP.
In fact, this draft cautions _not_ to delve into such complexity.
I would say that the critical-path is to avoid adoption of such
complexities.
-Doug