----- Original Message -----
From: "Dave Crocker" <dhc(_at_)dcrocker(_dot_)net>
Sent: Wednesday, August 17, 2005 11:40 AM
Subject: Re: [ietf-dkim] Not exactly not a threat analysis
On reviewing this thread, I find myself with two, basic questions:
* How is this thread helping the group agree on a Threat Analysis?
Threat analysis takes high dedicated work. From a community standpoint, I
provided a basic outline to start.
How do you wish to proceed?
Why isn't YAHOO/CISCO paying for the effort? i.e. Assign an engineer or
out-source the project. They have the resources to do this.
Like I said, it takes a lot of dedicated work and furthermore, it relies on
a detail threat analysis for the current sub-systems, namely, RFC x281 and
* How is this thread helping the group get chartered?
Well, in my view, it seems that its becoming clear that DKIM is not a
general-purpose email authentication system, or stated differently, has a
That dedicated purpose seems to be:
- Exclusive domain signing/authentication only, and
- Can not be used for *all* mailing list distributing methods.
I don't think you can plug the loopholes in SMTP/822 with a new 2822 based
protocol that has its own set of relaxed provisions (loopholes).
Hector Santos, Santronics Software, Inc.
ietf-dkim mailing list