On Thu, 2005-08-11 at 15:40, Stephen Kent wrote:
I thought that what Russ asked for was not a threat analysis for
DKIM, but a threat analysis for Internet e-mail, the system that DKIM
proposes to protect. The idea is that only if we start with a
characterization of how and why we believe adversaries attack e-mail,
can we evaluate whether any proposed security mechanism, e.g., DKIM,
is appropriate, relative to that threat analysis.
I wasn't at the MASS BoF so I'm likely missing context here.
It's been quite clear for a while that many of the proposals for
securing Internet e-mail have fallen flat specifically when they've run
into disagreements about the threat model.
So an effort to come up with a consensus threat analysis sounds like a
very good idea. It might even be worthy of a working group of its own
as it would likely be useful as a base for more than just the MASS/DKIM
work.
- Bill
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf