RE: MASS/DKIM BOF Summary
> From: Eliot Lear [mailto:lear@xxxxxxxxx]
> Hallam-Baker, Phillip wrote:
> > What Russ is asking for is what I would describe as a problem
> > statement. What Steve Bellovin is asking for is a comprehensive
> > security analysis of the proposed solution. In the end we clearly have
> > to deliver both, but Russ's concern is the one I would expect an AD to
> > have because it goes to the question of what the charter should look
> > like. Bellovin's request is something I would expect the WG to answer.
>
> While I am sure that Russ can speak for himself, I would like
> to just add something I heard very clearly from him at the
> beginning at the BoF. What he said, as I recall, was that
> the first technology in this space that gets chartered will
> raise the bar for all others. The question for the group was
> whether DKIM should be that technology, and that was the
> focus of the discussion.
> Therefore, I interpret that as the threat analysis consisting
> of a crisp problem statement and then some fairly detailed
> analysis of how DKIM either solves the problem(s) or is a
> necessary component to solving the problem(s).
I still cannot see how you get from one proposition to the other. The
question that was repeatedly asked at the BOF was 'will this spec do any
good'. It was raised by two ADs, three ex-ADs and a member of the IAB.
> I would expect that a working group would be formed first if
> it is demonstrated that the problem is important, second if
> it is shown that the DKIM solution either solves the problem
> or can provide a necessary component of solving the problem,
> third that there does not exist a standard today that could
> reasonably be adapted to provide the same function, and
> fourth that of the proposed solutions in this space, DKIM is
> the best one to go forward (for some value of "best").
The argument at the BOF was very clearly of the 'component' variety
rather than claiming to solve the problem.
If we argue for the value of DKIM as a component we have to describe the
relationship of that component to the other components we expect to be
used in conjunction with it.
> I would further expect that development of answers to these
> four would occur on the newly created dkim list, but now I'm
> channeling Dave Crocker and there could be a parity error in
> there somewhere (Dave can speak for himself).
I would spend time talking to Russ Housley, Sam Hartman, EKR et al.
rather than attempting to channel someone.