On Aug 11, 2005, at 6:54 PM, Ned Freed wrote:
As I just stated on the IETF list, absent a clear statement of what
this threat
analysis is actually supposed to analyze, I for one have little
interest in
"trying". I view my time as better spent trying to get the relevant
ADs and IAB
members to produce a coherent statement of what it is they want.
Spending time
on something that stands a good chance of not being what was asked
for is not,
IMO, useful.
Ned,
It would be ideal to have an RFC with the title "How to write a
Threats Analysis", but no such thing has been written. We do have
three simple questions from the relevant AD, and I don't believe Russ
has given them to us as busy-work... he's simply not that type of
person.
And after hearing people at the BoF speak of DKIM as bounce
protection, I can understand the broader IETF community asking us to
go through this exercise.
So I wonder if this threats analysis would benefit from a list of
things DKIM is not designed to guard against.
-andy
_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim