Hilarie,
your advice is well taken and your help is much appreciated :-)
I am very ok with adding this sentence to the Introduction as you propose
and if you want to provide some paragraphs to the document, that'd be
excellent.
Tony/Markus: As this has been raised during the WGLC, I am awaiting your
call whether we should create a new revision of the document.
Hilarie: Would you be able to send those paragraphs within less than a week?
I am going on vacation for the holidays and would love to get this finally
done in 2006 ;-)
Regards
Martin
-----Original Message-----
From: Hilarie Orman [mailto:ho(_at_)alum(_dot_)mit(_dot_)edu]
Sent: Dienstag, 12. Dezember 2006 19:42
To: Stecher,Martin
Cc: ietf-openproxy(_at_)imc(_dot_)org; tony(_at_)att(_dot_)com
Subject: RE: [opes] draft-ietf-opes-smtp-security-01
Speaking as someone who has followed the WG for some time and
knows the context of the work, I repeat, the introduction
*really* does need some kind of simple statement about its
purpose. Something like "Because OPES is a protocol that is
built over application layer transports, its security may
depend on the specifics of the transport.
OPES designs are guided by the IAB 'Consideration' document
[2], and those considerations are revisited here in the
context of the SMTP protocol." Put that right after the "2.
Introduction" line and then the section title for 2.1 becomes
much less jarring.
My points about encryption may seem overly technical, but
they are essential. Privacy and integrity are separate
concepts. Keeping a message secret is different from
ensuring that message modification is detectable. The
algorithms are different, the implementations are different,
the key management is different, they are different things.
They cannot be conflated into the single word "encryption" or
even the shorthand "encryption/signing". They must be
discussed separately.
I'll write the paragraphs if that will help.
Hilarie