Steve Atkins wrote:
There's a long discussion to be had there, which starts with me asking
"Well, what's your threat model?" and would ideally follow with "So,
given this framework, what is your attack tree, and how does SSP help
thwart it?", but when I've tried to have that discussion in the past
it's not gone anywhere productive
At the meeting on Tuesday, I suggested that one way to settle the d= vs.
i= debate would be to document the many overlapping yet divergent likely
use cases -- and was promptly asked to do so. Hooray for volunteerism!
I think the threat modeling may be yet another instance where we're all
taking past each other because we have different threats in mind, so
(unless there's stringent objection) I'm going to include
threats/concerns in that document as well.
Right now I'm on a flight back to Colorado, then on vacation for a few
days, so the questions for this project will show up next week. Feel
free to send me any additional thoughts in the meantime.
Your most humble servant,
--
J.D. Falk
Receiver Products
Return Path
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html