> I would like to see the outcome of a bof be identification of an > approach to globally verifiable authenticated email. I have no doubt > there will be many gaps in our current tool set (starting with a > deployable PKI), and a truck load of operational guidelines to develop. "globally verifiable" isn't a useful condition. "universally consensual" is what the market is demanding. don't make people pay in bandwidth to receive noncredentialled traffic. don't let there be a mix of credentialled and noncredentialled traffic that a user has to spend a percentage of their lifetime sorting. if traffic isn't provably desireable by the recipient then it ought not be transmittable. if that proof turns out to be based on false data then the trust path (possibly including one or more trust brokers) should be poisoned against future falsity. and in this bof, i suggest that gateways to the current system be shat upon and never again considered. when we move, we'll MOVE. -- Paul Vixie