ietf-mailsig
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: MASS/DKIM BOF Summary

2005-08-08 06:50:41
from [Hallam-Baker, Phillip] [Permanent Link] 


From: Eliot Lear [mailto:lear(_at_)cisco(_dot_)com] 



Hallam-Baker, Phillip wrote:

What Russ is asking for is what I would describe as a problem 
statement. What Steve Bellovin is asking for is a comprehensive 
security analysis of the proposed solution. In the end we 

clearly have 

to deliver both, but Russ's concern is the one I would 

expect an AD to 

have because it goes to the question of what the charter 

should look 

like. Bellovin's request is something I would expect the WG 

to answer.

While I am sure that Russ can speak for himself, I would like 
to just add something I heard very clearly from him at the 
beginning at the BoF.  What he said, as I recall, was that 
the first technology in this space that gets chartered will 
raise the bar for all others.  The question for the group was 
whether DKIM should be that technology, and that was the 
focus of the discussion.




Therefore, I interpret that as the threat analysis consisting 
of a crisp problem statement and then some fairly detailed 
analysis of how DKIM either solves the problem(s) or is a 
necessary component to solving the problem(s).


I still cannot see how you get from one proposition to the other. The
question that was repeatedly asked at the BOF was 'will this spec do any
good'. It was raised by two ADs, three ex-ADs and a member of the IAB. 



I would expect that a working group would be formed first if 
it is demonstrated that the problem is important, second if 
it is shown that the DKIM solution either solves the problem 
or can provide a necessary component of solving the problem, 
third that there does not exist a standard today that could 
reasonably be adapted to provide the same function, and 
fourth that of the proposed solutions in this space, DKIM is 
the best one to go forward (for some value of "best").


The argument at the BOF was very clearly of the 'component' variety
rather than claiming to solve the problem.

If we argue for the value of DKIM as a component we have to describe the
relationship of that component to the other components we expect to be
used in conjunction with it. 



I would further expect that development of answers to these 
four would occur on the newly created dkim list, but now I'm 
channeling Dave Crocker and there could be a parity error in 
there somewhere (Dave can speak for himself).


I would spend time talking to Russ Housely, Sam Hartman, EKR et al
rather than attempting to channel someone.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Re: Replay attacks and ISP business models, Amir Herzberg
Next by Date:  Re: MASS/DKIM BOF Summary, Eliot Lear
Previous by Thread:  Re: MASS/DKIM BOF Summary, Dave Crocker
Next by Thread:  Re: MASS/DKIM BOF Summary, Eliot Lear
Indexes:  [Date] [Thread] [Top] [All Lists]