----- Original Message -----
From: "Dave Crocker" <dhc(_at_)dcrocker(_dot_)net>
To: <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Wednesday, August 17, 2005 11:40 AM
Subject: Re: [ietf-dkim] Not exactly not a threat analysis

> Folks,
>
> On reviewing this thread, I find myself with two, basic questions:
>
> * How is this thread helping the group agree on a Threat Analysis?

Threat analysis takes highly dedicated work. From a community standpoint, I
provided a basic outline to start.
http://mipassoc.org/pipermail/ietf-dkim/2005q3/000128.html
How do you wish to proceed?
Question:
Why isn't YAHOO/CISCO paying for the effort? i.e. Assign an engineer or
out-source the project. They have the resources to do this.
Like I said, it takes a lot of dedicated work and furthermore, it relies on
a detailed threat analysis for the current sub-systems, namely, RFC x281 and
RFC x822.

> * How is this thread helping the group get chartered?

Well, in my view, it seems that it's becoming clear that DKIM is not a
general-purpose email authentication system, or stated differently, has a
dedicated purpose.
That dedicated purpose seems to be:
- Exclusive domain signing/authentication only, and
- Cannot be used for *all* mailing list distributing methods.
I don't think you can plug the loopholes in SMTP/822 with a new 2822 based
protocol that has its own set of relaxed provisions (loopholes).
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com