ietf-dkim
[Top] [All Lists]

[ietf-dkim] NEW ISSUE: SSP threats analysis needed

2007-12-09 10:42:54

9.  Threat Analysis

I believe the current specification pursues a narrow range of threats, without
there being a clear statement of what those threats are, and why they need
resolution, when other threats do not.

Given the previous work on threats, pertaining to DKIM (and SSP?) this could
well be a simple exercise.  I am raising the issue, because I suspect that the
current work goes beyond what was previously analyzed.


To the extent that the above is not sufficiently clear:

In spite of having a requirements document, the current SSP specification is not based on a coherent threats model. In fact working group participants have been demonstrating quite a large variance in the threats they think relevance. SSP cannot reach consensus unless there is first consensus about the problems it is trying to solve.

d/
--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>