Steve Atkins wrote:
> Bill Oxley observed across threads "When it comes to discussing
> SSP I hear a lot of noise with very little reason to implement or use
> except in a few specific cases like highly phished sites."
> There's a long discussion to be had there, which starts with me
> asking "Well, what's your threat model?" and would ideally follow
> with "So, given this framework, what is your attack tree, and how
> does SSP help thwart it?", but when I've tried to have that discussion
> in the past it's not gone anywhere productive.
Steve, were you not involved in the lengthy threat analysis discussions
and production of RFC 4686?
There are two sides to the coin here and it really serves no justice at
this point to rehash it all, who's at fault, who's the bad guy, good guy,
etc.
For the record, there have been many questionable decisions made and when
they were highlighted, they were either pushed aside, ignored or
shunned. So it is really a humorous irony to see what's going on now.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html