ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ietf-dkim] Re: Issue #1527:

2007-12-10 10:53:06
from [Dave Crocker] [Permanent Link] 


Stephen Farrell wrote:

For each proposed SSP feature, there needs to be a statement describing
the thread, the way that the feature will mitigate it and some
discussion of possible work-arounds and the ease with which they can be
used.


RFC 4868 [2] does contain some analysis of SSP from a year or
so ago. Can you describe some additional threats that aren't
covered there that we ought be considering? Or are there parts
of the analysis that need revisiting?
My review of what is covered in the earlier threats analysis, with regard to SSP, is extremely minimal.
Are you saying that you think it is sufficient to provide a technical basis for what is in the current specification?
Since you are the designated expert from the Security area, and since you make technical contributions to the working group, your assessment is significant. 

d/

--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] The limits of DKIM and SSP, Dave Crocker
Next by Date:  Re: [ietf-dkim] NEW ISSUE: Limit the application of SSP to unsigned messages, Dave Crocker
Previous by Thread:  Issue #1527: (was: Re: [ietf-dkim] The limits of DKIM and SSP), Stephen Farrell
Next by Thread:  [ietf-dkim] Re: Issue #1527:, Stephen Farrell
Indexes:  [Date] [Thread] [Top] [All Lists]