[ietf-dkim] New Issue: 4.2 needs new Attack Item:
InconsistentSignature vs Policy Attacks
hsantos at santronics.com
Mon Jan 30 13:45:44 PST 2006
----- Original Message -----
From: "Dave Crocker" <dhc at dcrocker.net>
> Can someone clarify how this is within scope for the
> current deliverable?
Dave, as requested by Jim and Stephen, I racked my brains trying to mold
this NEW ISSUE entry in the best possible manner that would cater to the
mindset of this mixed-discipline group, sensitive to the WG schedule and
to minimize changes to Jim's fine TA document.
I thought I provided a compromise that addresses a very important
fundamental threat related to the SSP specification and ignored in the
TA. It is 100% related to the TA. Many of the current TA threats' impact or
likelihood are affected by the issues presented by me. But I didn't
present it that way. I present it as an additional item to add.
As a side related note, the SSP draft specification as it is currently
defined is implemented in the current common API being made available
for developers. I don't think I need to say much about the premature nature of
the decisive (low info, few options) design decisions made.
Nonetheless, I believe this should be added to the TA to serve as a
basis for the next round of signature and SSP design discussions.
The fact is, these are real threats and they need to be documented in
the TA, so I did the best I could to present it in a simple logical
manner, as requested by Jim and Stephen, so that it can easily be
Hector Santos, Santronics Software, Inc.