----- Original Message -----
From: "Stephen Farrell" <[EMAIL PROTECTED]>
To: "Hector Santos" <[EMAIL PROTECTED]>

> Note - I don't think we should get into solutions in the threats
> draft, though the considerations from Tony's mail should come back
> up for discussion later.

Unbelievable. :-) The TA is full of functional recommendations.

In all honesty I am no longer sure what hat I should be wearing here. It might surprise you that I'm less concerned about specific "how to" but rather risk management and the decision making process for this proposed protocol. This is about extracting all the information that is possible from protocol protocols as well as understanding all the options in order to have well informed hierarchic design decisions that survive the test of time.

It should be noted, Tony's input has already been discussed in quite some detail - the suggestion about minimizing DNS lookups by coupling the DNS key record with SSP attribute information. But these are specific implementation details. The general problem is first party policies vs. 3rd party signers making possible fraudulent policy declaration for the first party. So you can't do what Tony suggested as a specific optimizing solution.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

_______________________________________________
ietf-dkim mailing list
http://dkim.org