On Monday 07 August 2006 03:10, Hector Santos wrote: > ----- Original Message ----- > From: "Mark Delany" <[EMAIL PROTECTED]> > > > It obvious that there are two relatively strong viewpoints: one the > > passive that Dave describes and one the active that, amongst others, I > > describe. > > > > ... > > > > Do we try and accommodate both? If so, how? > > In my opinion, and I had asked the chair a week or so to consider this > approach: > > I also proposed a straw vote on the fundamental question: > > Do you believe there are security problems > directly or indirectly related to DKIM-BASE that are worth > solving or addressing using a Sender Signer Policy concept? > > If we can't get this one clear, then you are right, there is essentially no > hope in solving this. If the censensus is such the answer is NO, then we > punt on SSP, WG is basically done. > > If the answer is YES, then we need to itemized the security problems we > need to address related to DKIM-BASE signatures or lack thereof. Once this > secury list is established, then we can come up with policy declarations > that help address them. > > But there is no need to do anything else of the consensus there is no > security problems with DKIM-BASE. > I would describe it differently. It's not that base has security problems, it's that it fails to accomplish anything with significant utility.
We'll see how much utility we can get out of SSP, but absent some additional functionality (be it SSP or non-standardized reputation systems) base doesn't get you much in my opinion, but... This is all rehash of the discussion we had about the charter before the WG was formed. In my view the SSP/no SSP decision was made. Now the challenge is to see what we can make of it. Scott K _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
