ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] SSP Threat Analysis vs SSP Impact Analysis

2005-11-13 18:49:52
from [Hector Santos] [Permanent Link] 

----- Original Message -----
From: "Barry Leiba" <leiba(_at_)watson(_dot_)ibm(_dot_)com>
To: "IETF-DKIM" <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Sunday, November 13, 2005 7:58 PM
Subject: Re: [ietf-dkim] SSP Threat Analysis vs SSP Impact Analysis



Is it reasonable to ask if the thread considerations include impact
considerations?


Assuming that's "threat"... what do you mean by "impact considerations"?


How a "known Feature or Expected Logic" may alter or effect current
operations.

This should not be construed as a threat unless there is an entry point that
causes an expected mode of operation to run amonk.

The most beneficial policy example with SSP is the EXCLUSIVE policy.  This
is the one Mr. Otis was concerned about how it can impact current mode of
public, relaxed modes of operations - a mode that is exploited to the nth
degree today as well.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com


_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] DKIM charter, Hector Santos
Next by Date:  [ietf-dkim] certain forms of spoofing (was: DKIM charter), Frank Ellermann
Previous by Thread:  Re: [ietf-dkim] SSP Threat Analysis vs SSP Impact Analysis, Barry Leiba
Next by Thread:  Re: [ietf-dkim] SSP Threat Analysis vs SSP Impact Analysis, Barry Leiba
Indexes:  [Date] [Thread] [Top] [All Lists]