dotis at mail-abuse.org
Tue Oct 25 18:57:26 PDT 2005
On Oct 25, 2005, at 1:47 AM, Stephen Farrell wrote:
> I find it confusing and not entirely helpful that we now
> have two partially overlapping threat analyses. Can you
> try to excise the overlap so that your document only
> contains the delta? I (and I'm sure others) won't be able
> to properly consider your concerns if I can't see where
> the differences lie.
> Just to be clear though - our current charter specifies
> that we work on *one* threats document and that the starting
> point there is Jim's document.
Of course there should only be one document. I found it easier to
sweep through what stood out as desired changes by editing Jim's
excellent document. I was troubled by how the threat review did not
treat the SSP mechanism separately. As it is now, extracting the
SSP mechanism will create a number of changes to this review. I also
have concerns that the SSP mechanism may only be appropriate for a
few special cases where these domain's policies should also be easier
to obtain than allowed with the SSP mechanism.
DKIM can provide significant benefit without any policies being
published, but instead by simply including binding information within
the message and using an opportunistic strategy. There is not going
to be a flag day.
So far, I have only managed to provide the comparison documents.
Explaining problems with SSP will take longer than the time I have
today. Saying it in fewer words is a challenge I am not well suited
to handle. : )
Here is a link to a series of pdf files that provides a section by
section breakdown of the changes.
More information about the ietf-dkim