Re: [ietf-dkim] Re: requrements-01// security concerns regarding policy



Douglas Otis wrote:

The threats draft missed that the sending agent must be held accountableand that the DKIM signature can not play this role. As a result of thisoversight caused by understatements of replay concerns among others suchas use of annotations, the threat draft offers poor guidance for thepolicy effort. The policy requirements draft appears to be acontinuation of this short-sighted view. : (


Moaning about the fact that the WG's rough consensus wasn't what the
author wished is irrelevant and distracting. Please stop.

The threats draft does represent the WG's rough consensus at that
point in time and with the level of knowledge of the SSP protocol
existing then. While new facts may emerge, and additional levels of
protocol detail may also throw up new threats, we are not going to
re-do the entire threat analysis exercise.

Please focus your contribution towards resolvable issues with
ssp-reqs.

Thanks,
Stephen.
_______________________________________________

NOTE WELL: This list operates according tohttp://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

[ietf-dkim] Re: requrements-01// security concerns regarding policy domain designations rather than delegations, Frank Ellermann

Next by Date:

Re: [ietf-dkim] Re: requrements-01// security concerns regarding policy domain designations rather than delegations, Stephen Farrell

Previous by Thread:

[ietf-dkim] Re: requrements-01// security concerns regarding policy domain designations rather than delegations, Frank Ellermann

Next by Thread:

Re: [ietf-dkim] Re: requrements-01// security concerns regarding policy domain designations rather than delegations, Stephen Farrell

Indexes:

[Date] [Thread] [Top] [All Lists]