--On Friday, February 19, 2016 00:12 +0000 Stephen Farrell
<stephen.farrell@xxxxxxxxx> wrote:
>
>
> On 18/02/16 03:38, Viktor Dukhovni wrote:
>> The addrquery draft is not under discussion here, so perhaps I
>> should not even have said that much. Exploring additional
>> approaches seems reasonable.
>
> Agreed. I think it might make sense to add a bit of text to all
> the drafts in this space. Would something like the following be
> useful to include in this and other similar drafts?
>
> "This specification is one experiment in improving access to
> public keys for end-to-end email security. There are a range
> of ways in which this can reasonably be done, for OpenPGP or
>...
Stephen,
I think such a paragraph would be a significant step forward. I
don't think it is a substitute for any of the drafts being clear
about known issues and security risks, including warnings (aka
"considerations") about the difference between obtaining a key
and authentication of the key vis-a-vis the supposed key owner.
I don't know whether you consider that separate from "...other
points made about this draft." or not.
john