Dave,
Just looking for a bit more on one of the points you raised.
I also changed the subject since this is specific to one of
the new issues you raised. [1]
Dave Crocker wrote:
And we certainly have not done
a threats and work-arounds analysis for SSP.
For each proposed SSP feature, there needs to be a statement describing
the thread, the way that the feature will mitigate it and some
discussion of possible work-arounds and the ease with which they can be
used.
RFC 4868 [2] does contain some analysis of SSP from a year or
so ago. Can you describe some additional threats that aren't
covered there that we ought be considering? Or are there parts
of the analysis that need revisiting?
S.
[1] https://rt.psg.com/Ticket/Display.html?id=1527
[2] http://tools.ietf.org/html/rfc4686
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html