Stephen Farrell wrote:
My review of what is covered in the earlier threats analysis, with
regard to SSP, is extremely minimal.
I'm confused by that sentence. It could mean your reading of 4868 was
minimal, or that you consider the analysis in 4868 minimal.
The text on SSP threats is minimal.
Are you saying that you think it is sufficient to provide a technical
basis for what is in the current specification?
No. I was asking for an example from you of what is missing or
wrong in 4868. I assume you have something in mind, since you raised
the specific issue.
I understood that you seek to throw the issue back onto me. I think that a
threats review should be performed by folks with a background in security,
such as yourself.
Since you are the designated expert from the Security area, and since
you make technical contributions to the working group, your assessment
is significant.
Thanks. Though I'm not sure I'm a designated expert at anything:-)
Can't think of how to say this differently, so fwiw I'll simply note that it
is means only what it says: You think that if you did not have a history in
the security area you would still have been named co-chair?
I've not done the comparison as it happens, but I did ask Jim to do
that - in his slides from last week he indicated that he plans to
compare the SSP I-D against both 4868 and 5016 and report back. I
think that'll be a useful exercise, that might be a starting point for
more work or may be sufficient that the WG are happy to close this
issue.
ack. tnx.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html