I would like to see the outcome of a bof be identification of an
approach to globally verifiable authenticated email. I have no doubt
there will be many gaps in our current tool set (starting with a
deployable PKI), and a truck load of operational guidelines to develop.
"globally verifiable" isn't a useful condition. "universally consensual"
is what the market is demanding. don't make people pay in bandwidth to
receive noncredentialled traffic. don't let there be a mix of credentialled
and noncredentialled traffic that a user has to spend a percentage of their
lifetime sorting. if traffic isn't provably desireable by the recipient
then it ought not be transmittable. if that proof turns out to be based on
false data then the trust path (possibly including one or more trust brokers)
should be poisoned against future falsity.
and in this bof, i suggest that gateways to the current system be shat upon
and never again considered. when we move, we'll MOVE.
--
Paul Vixie