On Dec 6, 2007, at 9:31 PM, J D Falk wrote:
Steve Atkins wrote:
There's a long discussion to be had there, which starts with me
asking
"Well, what's your threat model?" and would ideally follow with "So,
given this framework, what is your attack tree, and how does SSP help
thwart it?", but when I've tried to have that discussion in the past
it's not gone anywhere productive
At the meeting on Tuesday, I suggested that one way to settle the
d= vs.
i= debate would be to document the many overlapping yet divergent
likely
use cases -- and was promptly asked to do so. Hooray for
volunteerism!
I think the threat modeling may be yet another instance where we're
all
taking past each other because we have different threats in mind
, so (unless there's stringent objection) I'm going to include
threats/concerns in that document as well.
The first step would be a group consensus on what the threats
are ("what SSP is supposed to be for"), or at least a superset of
what most people think.
Anyone? Bueller?
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html