The threat analysis is really a requirements document. It neither rules
in or rules out the use of things not currently in the DKIM specification,
such as revocation identifiers or SSP alternatives, because these are
choices that might be made in the design phase.
Yep, exactly correct. Let's focus now on perfecting this threat analysis
document and leave matters of "DKIM doesn't have this" and "DKIM needs to
stop doing that" for later.
--
Arvel
_______________________________________________
ietf-dkim mailing list
http://dkim.org