ietf-dkim
[Top] [All Lists]

[ietf-dkim] What are the security problems of DKIM-BASE worh addressing with policy Concepts?

2006-08-07 00:23:31

----- Original Message -----
From: "Mark Delany" <MarkD+dkim(_at_)yahoo-inc(_dot_)com>


It obvious that there are two relatively strong viewpoints: one the
passive that Dave describes and one the active that, amongst others, I
describe.

...

Do we try and accommodate both? If so, how?

In my opinion,  and I had asked the chair a  week or so to consider this
approach:

I also proposed a straw vote on the fundamental question:

       Do you believe there are security problems
      directly or indirectly related to DKIM-BASE  that are worth
      solving or addressing using a Sender Signer Policy concept?

If we can't get this one clear, then you are right, there is essentially no
hope in solving this.  If the censensus is such the answer is NO, then we
punt on SSP, WG is basically done.

If the answer is YES, then we need to itemized the security problems we need
to address related to DKIM-BASE signatures or lack thereof.  Once this
secury list is established, then we can come up with policy declarations
that help address them.

But there is no need to do anything else of the consensus there is no
security problems with DKIM-BASE.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com







_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>