On Tue, Jan 7, 2025 at 1:24 PM Michael Thomas <[email protected]> wrote:
> > I'm on the fence here. Do we need to say explicitly in a charter that the > best contemporary practices in terms of cryptography have to be used in the > development of a new thing? If so, it seems like every charter would need > to be explicit about it. > > The way I see it is if I or anyone else wrote a draft to use ECC, say, > under the current proposed charter it would be out of scope. I assume that > the bulleted items in the proposed charter are what will get worked on and > not some open ended set of things, though the charter is worryingly vague > on that account too. > If you want to use ECC in STD 76 DKIM, the DCRUP working group produced an RFC describing how to do that. If this work wants to support ECC or other bleeding edge crypto tech, I think it's free to do so without the charter saying it can (or has to). If you're after something that's not those two things, then I've misunderstood this thread. > > I suppose this is also me starting to lean in the direction that, yes, > this is indeed a new thing, not an update to an existing thing, even if it > borrows heavily from the existing thing. In that case, cipher suite > updates would be out of scope for this effort. > > Don't you mean *in* scope if it's a new thing? > I'm saying if this thing (as I think Bron said) is meant ultimately to supplant STD 76 DKIM, then (a) updating STD 76 DKIM's crypto provisions would be out of scope for the proposed new WG, but (b) the proposed new WG can employ whatever non-obsolete crypto it wants to, and we probably don't need that to be in the charter. -MSK
_______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
