[ietf-dkim] Review of draft-fenton-dkim-threats-01

[Eric Rescorla]

Michael Thomas <mike at mtcc.com> writes:

> Eric Rescorla wrote:
>> Dave Crocker <dhc at dcrocker.net> wrote:
>>
>>>
>>>>What I would have expected in a threat analysis of this type is that
>>>>one would start with a relatively broad view of the type of system
>>>>one was considering developing ("server-based message-based signatures
>>>>to prevent mail forgery") and then describe potential attacks on
>>>>such systems and the types of countermeasures that can be used to
>>>>protect against them.
>>>
>>>Eric,
>>>
>>>We seem to be suffering from trying to hit a moving target.
>> Hmm... Maybe, but I think my comments are in line with comments
>> I've made previously. It's possible that my comments don't
>> agree with Russ's, of course.
>
> That's seems to be the genesis. Hence my comments to the ietf list
> a couple of months ago. What would you have us do since this seems
> to be a meta argument between you and our AD?

A meta-argument? Are you saying that you think that Russ would like
you NOT to do the analysis I suggested? I'd be quite surprised to hear
that.

It's certainly possible that he would be satisfied if you don't do
so, but I don't so how that implies that I shouldn't want to see
such analysis done.

-Ekr