Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does no

ietf-dkim

[Top] [All Lists]

<prev [Date] next>

<prev [Thread] next>

Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?

2005-08-22 08:36:08

from [Scott Kitterman]

[Permanent Link]

I really don't have an opinion on your revocation identifier idea. Ithought we were discussing scope of the WG effort rather than the designof the product.


I also think that we are pretty much going in circles at this point.

To summarize, you think that SSP is dangerous, won't do what it'sproponents claim, and can't be fixed. Thus SSP and it's ilk shouldn'tbe dealt with by the working group. You believe that there are other,better ways to solve whatever problem it is that you are trying to solve.

I, and I believe others, think that SSP is essential and that while DKIMsignatures alone may have some value, the marginal utility for DKIMabsent some expression of sender policy is low.

Personally, I don't think we want to build a base spec that requires theSSP work to finish concurrently. I don't think it's necessary. What Ithink we absolutely need to avoid is a charter that just does that baseand defers SSP to some future effort. The charter needs to include both.


Scott Kitterman
_______________________________________________
ietf-dkim mailing list
http://dkim.org

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, (continued) Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Scott Kitterman Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Douglas Otis Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Scott Kitterman Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Douglas Otis Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Scott Kitterman Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Douglas Otis Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Scott Kitterman Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Douglas Otis Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Scott Kitterman Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Douglas Otis Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Scott Kitterman <= Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Douglas Otis Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Scott Kitterman Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Douglas Otis Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Scott Kitterman Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Douglas Otis Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Scott Kitterman Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Douglas Otis Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Scott Kitterman Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Earl Hood Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Earl Hood

Previous by Date:	Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore
Next by Date:	Re: [ietf-dkim] Not exactly not a threat analysis, Dave Crocker
Previous by Thread:	Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Douglas Otis
Next by Thread:	Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Douglas Otis
Indexes:	[Date] [Thread] [Top] [All Lists]