ietf-dkim

Re: [ietf-dkim] Requirement: Policy Attributes Must Enhance the Security and Survivability of DKIM-BASE

2006-08-04 04:56:40

----- Original Message -----
From: "Stephen Farrell" <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>


> Hi Hector,
>
> Hector Santos wrote:
>> All requirements should be fundamentally based on the following premise:
>>
>>      All policy considerations must|should add and/or help enhance
>>      the security and survivability of the DKIM-BASE protocol.
>
> That's a nice goal, but I suspect a little too far from being
> measurable to include as a requirement.

I was thinking about how other requirements could be measured. Is that what
you were thinking?

I'm just winging this, but let's look at some key design implementation
factors:

     Complexity
     Usability
     Middleware (i.e. List Server)
     Security
     Survivability

For example, on a scale of Low to High:

Support for exclusive 1st party signature

     Complexity?                       LOW
     Usability?                        MEDIUM
     Does it integrate well with MLS?  LOW
     Does it help with security?       HIGH
     Does it help with survivability?  MEDIUM

Support for 3rd party signatures:

     Complexity?                       MEDIUM
     Usability?                        HIGH
     Does it integrate well with MLS?  MEDIUM-HIGH
     Does it help with security?       LOW-MEDIUM
     Does it help with survivability?  HIGH

Support for Multiple Signatures:

     Complexity?                       HIGH
     Usability?                        HIGH
     Does it integrate well with MLS?  MEDIUM-HIGH
     Does it help with security?       LOW
     Does it help with survivability?  MEDIUM

Support for Hashing Algorithm Policy Attribute:

     Complexity?                       LOW
     Usability?                        HIGH
     Does it integrate well with MLS?  LOW (not applicable?)
     Does it help with security?       MEDIUM-HIGH
     Does it help with survivability?  HIGH


and so on, and yes of course, I am biased and I tilted these off-the-top-of-my-head
values my way.  :-)

But anyway, it may be a good approach to have criteria to measure the design
requirements. Using usability or "usage cases" only is too much tilted one
way and IMV, doesn't tell or tends to exclude/hide the whole design
requirement story.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
