[ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft)
Andrew Newton
andy at hxr.us
Thu Aug 11 19:58:53 PDT 2005
Hector,
On Aug 11, 2005, at 7:45 PM, Hector Santos wrote:
> Well, Andrew, atleast for me, I would really like to be part of
> this effort,
> but I can't help but feel it is a becoming a waste of time.
I'm sorry that you feel this way. And I'm sure there is not much I
can say to make things better, other than to suggest that our best
way forward is to address the task at hand.
> That said, the OA SSP verification issue, to me, is the most
> important issue
> in DKIM and to me, it is a near show stopper for DKIM acceptance.
>
> If it has not been said yet, this issue plays right into the key
> questions:
>
> - What does DKIM solve?
> - What are the benefits?
> - What are the negatives?
> - Where are the holes (Exploits, Bad Actors, Bad middle ware, Risk)?
> - Can it be done?
Expressed as an exploit and stating how the bad actors take advantage
of this hole would seem to be valuable, if not for the threats
analysis then for the security considerations.
-andy
More information about the ietf-dkim
mailing list