ietf-dkim

Re: threat modeling & use cases (was RE: [ietf-dkim] Tracing SSP's paradigm change

2007-12-13 20:40:31


Jim Fenton wrote:
> Steve Atkins wrote:
>> Well, without knowing what threats SSP is supposed to mitigate, it's
>> impossible to start analyzing how well it does so. So identifying the
>> threats certainly can't be the last step, and I can't actually think of
>> anything that comes before that.
>>
>> Where would you start?
>
> RFC 5016.


Jim,

Normally, a requirements doc like 5016 comes after a problem description, not before. A threats analysis is a problem description.

I read Steve's query as being about threats, not requirements.

As for RFC 4686, it says very little about the threats that SSP is expected to mitigate.

d/

--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
