Cautionary Period
The updated Delegated Path Validation (DPV) and Delegated Path Discovery
(DPD) Protocol Requirements document <draft-ietf-pkix-dpv-dpd-req-01.txt>
was recently posted. You may notice that I am a co-author with Denis on
this document. Denis invited me to be a co-author because I submitted many
comments. There were many, many editorial ones. There were also technical
ones. Denis and I were able to resolve the vast bulk of the technical
issues; however, we have not been able to reach a compromise on one open
issue. That issue is the subject of this note.
I encourage everyone to read the DPV and DPD requirements document, and post
their view on this subject. I believe that the document expresses Denis'
view on the issue. My view is that a cautionary period is not a
requirement for DPV or DPD. However, cautionary periods might be used as
part of an application-specific risk mitigation mechanism when trying to
determine the validity of a particular signature. For example, waiting for
a cautionary period before considering a signature to be valid on a
high-value electronic contract may be prudent. Therefore, cautionary
periods might be supported in DSV (delegated signature validation).
Since Denis and I were unable to resolve this issue in an author-to-author
dialogue, I am bringing this issue to the whole mail list. As far as I know,
this is the only open issue with the DPV and DPD Protocol Requirements
document. I hope that this issue can be quickly resolved so that we can
get on with the protocol development.
Russ