ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] New Issue: 4.2 needs new Attack Item: Inconsistent Signature vs Policy Attacks

2006-01-30 15:18:37
from [Stephen Farrell] [Permanent Link] 

Hector,

Hector Santos wrote:

Suggested correction to TA:

Add a new attack item:

   Inconsistent Signature vs. Policy Attacks
         Impact: High
         Likelihood: High


I think there's a fair enough point there all right though getting
the wording right might be tricky. In 4.1 we do have attacks like
"theft of private key", so something about "applying wrong policy"
ought be appropriate for 4.2.

Note - I don't think we should get into solutions in the threats
draft, though the considerations from Tony's mail should come back
up for discussion later.

Stephen.



_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Re: New Issue: 4.2 needs new Attack Item: Inconsistent Signature vs Policy Attacks, Douglas Otis
Next by Date:  Re: [ietf-dkim] When will we know the Threat Analysis document is complete, Stephen Farrell
Previous by Thread:  Re: [ietf-dkim] Re: New Issue: 4.2 needs new Attack Item: Inconsistent Signature vs Policy Attacks, Douglas Otis
Next by Thread:  Re: [ietf-dkim] New Issue: 4.2 needs new Attack Item: Inconsistent Signature vs Policy Attacks, Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]