On Fri, 18 Nov 2005 08:12:32 -0800 Dave Crocker <dhc(_at_)dcrocker(_dot_)net>
wrote:
Folks,
My impression is that the threat analysis for SSP is far, far more
challenging than for the core DKIM services. At the least, this is
because
we understand SSP far less.
This means that having the threat analysis document include the SSP area
of
concerns is certain to protract producing the document. Since the threat
analysis document is in the critical path of producing the core document,
that means delays in getting out the base specification of the working
group.
Methinks it worth considering de-coupling things at the TA level, not just
the specification level.
I agree that there has been a lot of traffic on SSP security concerns. I
don't think that the volume of traffic is related to actual uncertainty
about SSP security.
Scott K
_______________________________________________
ietf-dkim mailing list
http://dkim.org