In message <42FA7805(_dot_)3040102(_at_)dcrocker(_dot_)net>, Dave Crocker
writes:
Having a "threat analysis" was brought up at the plenary by Steve
Bellovin as being a Good Thing(tm). At the MASS/DKIM BOF we are
being required to produce such a thing as a prerequisite to even
getting chartered as a working group. The problem that I have (and
Dave Crocker at the plenary) is that there doesn't seem to be
any definition of what a "threat analysis" is.
As I posted on the DKIM mailing list on Monday
<http://mipassoc.org/pipermail/ietf-dkim/2005q3/000033.html> our AD, Russ
Housley, has provided us with a rather straightforward, 3-question template
for discussing DKIM's threat analysis:
* Who are the bad actors?
* Where do they fit into the protocol environment (e.g., middle of net)?
* What are we trying to prevent them from doing?
I think Russ' list is quite reasonable and he has been clear as to the reason
he views the development of the threat analysis (TA) as a pre-requisite.
The only thing I'd add is a clarification of the first point: are they
on links, on nodes, or both? One of the points of my talk is that in
multiparty protocols, you don't know who runs remote protocol
participants, even in the absence of hacking.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb