ietf-dkim
[Top] [All Lists]

Issue 1527 - Threats (was Re: [ietf-dkim] Hostile to DKIM deployment)

2007-12-14 09:46:17


Jim Fenton wrote:
Wietse Venema wrote:
What is the relevance of this for the current effort? I have nothing
against an SSP that says what mail if any a domain signs or sends.
Like many, I would use that to throw away some mail. But it would be
a mistake to position SSP as the solution for email phishing.

I agree with the above statement.  At the same time, I think it's
appropriate to consider the potential for technologies like SSP to
reduce losses due to phishing.  It isn't necessary to "solve" the
problem to produce a tangible benefit.


Right. So let's explore what current problems specific functions in SSP will mitigate.

Folks who are proponents of particular SSP features should document specific threats and specific SSP feature(s) that will mitigate them.

An essential part of such exercise is to explain why the mitigation is strategic. That is, why will it not be easy for attackers to work around the SSP mechanism and achieve equivalent attack success.

d/
--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>