In <E1BGwCO-0007Lr-Hq(_at_)argon(_dot_)connect(_dot_)org(_dot_)uk> "Jon Kyme"
<jrk(_at_)merseymail(_dot_)com> writes:
We're tasked with developing the record, there are NO current
implementations which use it, as it hasn't been developed yet. Our input
documents (and other inputs) are useful in considering identities, but they
don't describe systems which depend on the ouputs of this group.
RMX, DMP, FSV and SPF all have very different ways of specifying the
policy information, but they all have very similar algorithms. Much
of the real-world experience we have obtained with one of those
systems will apply to the others. Converting to the MARID record will
not be hard at all.
S/MIME, C-ID, and DomainKeys all have completely different
algorithms. The only one with real-world experience is S/MIME.
Let's look at the milestones again:
March 04 Discuss identities [...]
April 04 [...] last call on which identities [...]
May 04 [...] semantics [...] syntax discussions [...]
May 04 Publish one or more syntax proposals [...]
June 04 Final selection [...]
And now we're getting close to that 'last call for identities' and your
point is?
Uh, at the risk of repeating myself, my points are: We need to look
more than one step ahead (I like Meng's chess analogy). It has taken
two months to discuss identities, something that was pretty well
discussed on ASRG and elsewhere over the last year. We are not really
creating anything new here, we are trying to standardize what we
know. We can not realistically create a new algorithm in the next
month and test that algorithm enough to be trustworthy.
handwaving descriptions of how validation might work. If the
algorithm hasn't been defined and tested by now,
I'm not sure what you're proposing here, time travel?
I am suggesting that we start a split track now. The RFC2821 stuff
has been held back far too long. The RFC2822 algorithm (S/MIME, DK,
C-ID, something else) needs to be selected and then tested. We
shouldn't abandon either one.
-wayne