On October 12, 2005 at 16:49, Ned Freed wrote:
* 6.3 should mention the use of complementary technologies, or
possible extensions to DKIM. To provide protection against replay
as it is happening, envelope-based technologies will need to be
employed. I'm not sure that systems that rely on reacting to the
attack after it has happened will be effective enough in deterring
attackers.
I really don't think we should be discussing additional technologies
here.
I agree that the WG should not try define these additional
technologies. However, from security analysis perspective, such
technologies may need to be mentioned to adequately address a specific
attack, especially if such an attack will deter people from adopting
DKIM or make DKIM ineffective in achieving its goals.
For example, there seems to be no problem in mentioning DNSSEC as a
technology for dealing with some DNS-based attacks. We should not
prohibit ourselves from doing the same with replay and other forms
of attacks.
I have no problem wit doing so as long as the additional technology is
already defined. My understanding of what you're proposing is to discuss
threats in the context of facilities that haven't been defined yet. I continue
to think this is a mistake.
Ned
_______________________________________________
ietf-dkim mailing list
http://dkim.org