Having a "threat analysis" was brought up at the plenary by Steve
Bellovin as being a Good Thing(tm). At the MASS/DKIM BOF we are
being required to produce such a thing as a prerequisite to even
getting chartered as a working group. The problem that I have (and
Dave Crocker at the plenary) is that there doesn't seem to be
any definition of what a "threat analysis" is.
As I posted on the DKIM mailing list on Monday
<http://mipassoc.org/pipermail/ietf-dkim/2005q3/000033.html> our AD, Russ
Housely has provided us with a rather straight-forward, 3-question template
for discussing DKIM's threat analysis:
* Who are the bad actors?
* Where do they fit into the protocol environment (eg, middle of net)?
* What are we trying to prevent them from doing?
I think Russ' list is quite reasonable and he has been clear as to the reason
he views the development of the threat analysis (TA) as a pre-requisite.
Further, given the history both of previous anti-spam standards efforts and
previous IETF security efforts, I am hard-pressed to disagree with him. It's
a pain in the ass to have to develop this stuff prior to chartering, but the
project manager in me knows it will be Very Good Thing for ensuring coherence
and focus of the effort.
(In fact my own real concern about the TA requirement is noting how little
followup there has been on the DKIM list, since my original posting there, 48
hours ago. Some folks are having great fun, there, debating other details
about DKIM concepts and DKIM documentation, but there has been essentially no
followup on threat analysis.)
At any rate, my point at the plenary was a concern that the Security
community, itself, does not yet appear to have adequate consensus description
of, and requirements for, TA to give the rest of us consistent guidance. From
what I have seen over the years, the requirement for doing a TA up-front, in
the IETF, is recent. So it is not surprising that the method of doing it is
unfamiliar to the rest of us.
So, if this is going to be yet another hoop that the IESG and IAB
sends working groups through like problem statements, requirements
documents and the like, I think it ought to be incumbent on
No question about it. Recruiting a larger community to support an effort
certainly involves tasks that aren't fun. Especially since it should be so
obvious why the effort is wonderful...
In any event, Russ has been clear and consistent. Although general discussion
about threat analysis shows community variations, the DKIM effort has not
(yet) been given inconsistent guidance (that I am aware of.)
d/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf