Security is not an end in itself; it supports and facilitates
"mission applications" that do something meaningful for end
users. End users want email (at least the older ones do; younger
folks use instant messaging), and I would think if the
goal is to have email that "just works" in terms of spam
resistance, the integrity attribute approach is much more
natural than S/MIME's confidentiality-oriented encapsulation.
I have not followed DKIM at all and am not in a position
to comment on what the spambuster community wants. But if
they want security and ask S/MIME for help (in the form of
an already-written I-D, not just a vague request), it seems
that apathy from us is an inappropriate response. We should
1) tell them why what they want is wrong from a security perspective,
2) accommodate their request by adopting the I-D, or
3) let them do their own security outside the S/MIME WG.
I don't think (1) applies, so do we want to help them (2) or
tell them we can't be bothered (3)?

From: Blake Ramsdell [mailto:blake(_at_)sendmail(_dot_)com]
OK, so I'll start. Is there some goal that we can achieve with
this mechanism that is better than the "just wrap a whole
message/rfc822 and lord knows how you merge the resulting
headers" approach that is the current practice?