-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Jan 29, 2009, at 6:14 AM, pasi.ero...@nokia.com wrote:

>
> While considering this, I tried to find exactly such documentation,
> but I did not find much.
>
> draft-rfc-editor-errata-process-02 has the following text:
>
>   We note that allowing technical errata is a slippery slope: there
>   may be a temptation to use errata to "fix" protocol design errors,
>   rather than publishing new RFCs that update the erroneous
>   documents.  In general, an erratum is intended to report an error
>   in a document, rather than an error in the design of the protocol
>   or other entity defined in the document, but this distinction may
>   be too imprecise to avoid hard choices.  For the IETF stream, these
>   choices should be made by the IESG, and are discussed in their
>   proposed guidelines on errata processing [IESG-Err-Proc].
>
> The distinction isn't very precise; you could consider
> rfc4871-errata-00 either an error (in this case, omission) in the
> design, or an error (omission) in the document.


Pasi, I think you have the answer in your text and quotation above.

Presently, we need some clarifications and minor corrections to
DKIM-base.  They are in some cases not precisely errors, but it's good to
have them. They're closer to corrections than to new protocol additions.

There are people who present additions to DKIM-base and want to phrase  
it as lacks in the protocol, but I disagree.

Something that we security people don't do very well is layering. But  
layering is a concept that the IETF does very well. DKIM-base is a  
basic framework for signatures on the messages. It's authentication.

All security people know that authentication alone might not be
terribly useful -- you have to have authorization to have it really
useful, for example. But I think we have rightly kept it out of
DKIM-base.

What it means to be authorized to send me an email is pretty squishy.  
One facet of this is addressed in our present discussions. We're going  
to continue to debate and develop that onward into reputation systems  
and so on and so forth.

I believe that the text you quoted is the reason why we should have
errata, not a -bis document. DKIM-base *intentionally* is
authentication only. DKIM-base *intentionally* does not say squat
about (e.g.) i= vs d=. Whatever side you may be on all of that (and I
believe it's clear where I stand), it shouldn't be jammed into
DKIM-base.

An errata document can cleanly clear up a few things, and leave the  
higher-level questions for the higher levels of the as-yet incomplete  
total protocol. Creating a -bis document would tend to push things in  
the wrong direction; we need more documents that build on the base,  
not more stuff in the base document.

        Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII

wj8DBQFJghnMsTedWZOD3gYRAp7TAJ9q7xc8DaGtPDcxfNTYzRE3k/whhQCg9/Ol
dws6yHt9nmE1CUvshDCSP0Y=
=zIfn
-----END PGP SIGNATURE-----
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
