Re: what is a threat analysis?

At 3:08 PM -0700 8/11/05, Ned Freed wrote:

I thought that what Russ asked for was not a threat analysis for
DKIM, but a threat analysis for Internet e-mail, the system that DKIM
proposes to protect. The idea is that only if we start with a
characterization of how and why we believe adversaries attack e-mail,
can we evaluate whether any proposed security mechanism, e.g., DKIM,
is appropriate, relative to that threat analysis.


This is more less my guess as to what's being asked for, although I
disagree with the implication that DKIM proposes to protect email in
its entirety. Regardless, others do not appear to agree and instead
apppear to be doing very different sorts of analyses.

                                Ned

I agree that DKIM need not protect e-mail in all security dimensions.My definition of threat analysis for this context does not requirethat, although I admit the wording could have been clearer.

In any threat analysis, the author decides what threats he/she wantsto address. The reader decides if the author has omitted any that thereader believes are important (to the reader), and thus may rejectthe analysis if threats of interest to the reader were not addresses.

In this case, I believe the informal discussion centered onadversaries who wish to inject spam into the Internet e-mail system,or who wish to engage in phishing attacks via e-mail. If so, then theauthor merely states that, and proceeds to discuss the motivationsfor such adversaries (what constitutes success for them) and by whatmeans they can/do carry out attacks.

With this as background, the author then explains how a proposed setof countermeasures prevents such attacks, or makes them harder, etc.The reader then evaluates the claims of the author re theeffectiveness of the proposed countermeasures, given an agreed uponthreat model.



Steve

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf