ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: threat modeling & use cases (was RE: [ietf-dkim] Tracing SSP'sparadigm change

2007-12-12 18:48:08
from [Steve Atkins] [Permanent Link] 

On Dec 12, 2007, at 5:31 PM, J D Falk wrote:


Steve Atkins wrote:


The first step would be a group consensus on what the threats are
("what SSP is supposed to be for"), or at least a superset of what
most people think.
Actually, I think that's the LAST step. My hypothesis is that different 
types of signers and/or verifiers (different use cases) perceive
different threats.


Well, without knowing what threats SSP is supposed to mitigate, it's
impossible to start analyzing how well it does so. So identifying the threats 
certainly can't be the last step, and I can't actually think of anything
that comes before that.

Where would you start?

Cheers,
  Steve

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [ietf-dkim] NEW ISSUE: SSP applies only to receive-side filtering engine and not end-users, J D Falk
Next by Date:  RE: [ietf-dkim] NEW ISSUE: Reputation is out of scope or Define it, J D Falk
Previous by Thread:  RE: threat modeling & use cases (was RE: [ietf-dkim] Tracing SSP'sparadigm change, J D Falk
Next by Thread:  RE: threat modeling & use cases (was RE: [ietf-dkim] TracingSSP'sparadigm change, J D Falk
Indexes:  [Date] [Thread] [Top] [All Lists]