Hallam-Baker, Phillip wrote:
What Russ is asking for is what I would describe as a problem statement.
What Steve Bellovin is asking for is a comprehensive security analysis
of the proposed solution. In the end we clearly have to deliver both,
but Russ's concern is the one I would expect an AD to have because it
goes to the question of what the charter should look like. Bellovin's
request is something I would expect the WG to answer.
While I am sure that Russ can speak for himself, I would like to just
add something I heard very clearly from him at the beginning at the BoF.
What he said, as I recall, was that the first technology in this space
that gets chartered will raise the bar for all others. The question for
the group was whether DKIM should be that technology, and that was the
focus of the discussion.
Therefore, I interpret that as the threat analysis consisting of a crisp
problem statement and then some fairly detailed analysis of how DKIM
either solves the problem(s) or is a necessary component to solving the
problem(s).
I would expect that a working group would be formed first if it is
demonstrated that the problem is important, second if it is shown that
the DKIM solution either solves the problem or can provide a necessary
component of solving the problem, third that there does not exist a
standard today that could reasonably be adapted to provide the same
function, and fourth that of the proposed solutions in this space, DKIM
is the best one to go forward (for some value of "best").
I would further expect that development of answers to these four would
occur on the newly created dkim list, but now I'm channeling Dave
Crocker and there could be a parity error in there somewhere (Dave can
speak for himself).
Jabber log is at the following URL:
http://www.xmpp.org/ietf-logs/mass(_at_)ietf(_dot_)xmpp(_dot_)org/2005-08-04.html
Eliot