[ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft)
Andrew Newton
andy at hxr.us
Thu Aug 11 19:39:21 PDT 2005
On Aug 11, 2005, at 6:54 PM, Ned Freed wrote:
> As I just stated on the IETF list, absent a clear statement of what
> this threat
> analysis is actually supposed to analyze, I for one have little
> interest in
> "trying". I view my time as better spent trying to get the relevant
> ADs and IAB
> members to produce a coherent statement of what it is they want.
> Spending time
> on something that stands a good chance of not being what was asked
> for is not,
> IMO, useful.
Ned,
It would be ideal to have an RFC with the title "How to write a
Threats Analysis", but no such thing has been written. We do have
three simple questions from the relevant AD, and I don't believe Russ
has given them to us as busy-work... he's simply not that type of
person.
And after hearing people at the BoF speak of DKIM as bounce
protection, I can understand the broader IETF community asking us to
go through this exercise.
So I wonder if this threats analysis would benefit from a list of
things DKIM is not designed to guard against.
-andy
More information about the ietf-dkim
mailing list