ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: threat modeling & use cases (was RE: [ietf-dkim] TracingSSP'sparadigm change

2007-12-12 19:16:59
from [J D Falk] [Permanent Link] 
Steve Atkins wrote:


Actually, I think that's the LAST step.  My hypothesis is that
different types of signers and/or verifiers (different use cases)
perceive different threats.


Well, without knowing what threats SSP is supposed to mitigate, it's
impossible to start analyzing how well it does so. So identifying the
threats certainly can't be the last step, and I can't actually think
of anything that comes before that.

Where would you start?


Dangit, Steve, we're agreeing again.  I'm going to start by documenting
the many different-yet-overlapping use cases & related threats.  The
only difference from your earlier statement is that I don't think we'll
ever have conesensus on The One True Threat Model; instead each
different-yet-overlapping user of DKIM & SSP will have
different-yet-overlapping concerns about each.


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: creeping i= (was RE: [ietf-dkim] Responsibility vs. Validity), J D Falk
Next by Date:  RE: [ietf-dkim] Tracing SSP's paradigm change, J D Falk
Previous by Thread:  Re: threat modeling & use cases (was RE: [ietf-dkim] Tracing SSP'sparadigm change, Steve Atkins
Next by Thread:  Re: threat modeling & use cases (was RE: [ietf-dkim] Tracing SSP'sparadigm change, Jim Fenton
Indexes:  [Date] [Thread] [Top] [All Lists]