Re: Security, Cancels and Authorization


From: Bill Davidsen (davidsen@prodigy.com)
Date: Tue Sep 04 2001 - 16:49:12 CDT


Charles Lindsey <chl@clw.cs.man.ac.uk> wrote:

> What to do next? I see the following possibilities:
>
> 1. The BIG BIG solution
>
> Complete the work on Digital Header Signatures, and incorporate it
> into the draft as the approved method (or, more likely, put it into a
> separate RFC and refer to it in the draft).
>
> I don't somehow feel that this WG wants to follow that Path at the
> moment, though Brad will surely complain loudly that we will have failed
> in our purpose if we do not. And he would rightly point out that our
> charter identifies standards for the signing of articles as needing
> "urgent attention".

  Speaking for only myself, I would love to put this in a separate RFC
and move forward. We make no progress by revisiting the issue, there is
not even complete agreement on what should be done, there is one camp
which wants to stick with a technology which has a track record (PGP)
and another which wants to use some theoretically better method which
introduces a single point of failure and/or multiple conflicting
certificate type information.

  The devil is in the details, and I don't think there's much likelihood
that we will agree any better now than we did, possibly less, since all
of us have had a chance to learn more about the failure modes of various
methods.

  Let's move forward and get what we have out, with a reference to a
future RFC and an informational mention of PGP signed NoCEM messages.

-- 
   -bill davidsen (davidsen@prodigy.com)
"The secret to procrastination is to put things off until the
 last possible moment - but no longer"  -me

