Assuming that's "threat"... what do you mean by "impact considerations"?
How a "known Feature or Expected Logic" may alter or effect current
This should not be construed as a threat unless there is an entry point that
causes an expected mode of operation to run amonk.
OK, that's what I thought you probably meant.
At one level, this is what Sam Hartman was concerned about, when he
spoke from the floor in the BOF (see the draft minutes that Stephen
I guess we have three broad categories here:
1. What attacks against the email infrastructure does DKIM address?
2. What attacks will there be against DKIM, once it's deployed?
3. What effects does DKIM itself have on the email infrastructure?
The "threats" document is trying to include (1) completely, and a good
analysis of (2) [we can never be *complete* there, of course]. Sam
was asking for more thought on (3), and especially -- which is why
Russ asked us to add language about this to the charter -- with respect
to mailing lists.
It's not clear that (3) needs to go in the threats document, and we
certainly can't be "complete" about it either, but the charter clearly
commits us to looking at (3) at least somewhat (in the "mailing list"
paragraph). I see it as material for the overview document, but I
don't think it'd be unreasonable to include a specific item or three
in the threats doc if we decide that item/those items belong there
(because they're important enough to write down early, and to include
with the discussion of attacks).
In any case, I think the charter covers this, and it's in scope (though
we have to be careful of ratholes here).
Barry Leiba, Pervasive Computing Technology
ietf-dkim mailing list