Doug,
I have done my best to try to understand what you are getting at here,
with limited success. One main comment though:
The threat document is an analysis of DKIM, not systems that encompass
DKIM in concert with other mechanisms such as SenderID, SPF, and CSA.
If there is anyone else on the list who feels that this should be looked
at more closely, please speak up. Otherwise, I will assume that there
is a lack of consensus on this change (although I will leave it to the
WG chairs to formally make that determination).
-Jim
Douglas Otis wrote:
Based upon the feedback offered by Frank, this section has been
revised to offer more concise statements related to threats. As Frank
and Jim have pointed out, other concurrent strategies may be needed to
defend DKIM when used as a basis for acceptance. This review focused
upon the scope of the message used to assess bad acts, and explored
risks related to those aspects of the message not protected by the
DKIM signature. This reviews defensive strategies using message
envelope and DKIM based information.
_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html