[ietf-dkim] Tracing SSP's paradigm change

Steve Atkins steve at blighty.com
Thu Dec 6 10:42:02 PST 2007


On Dec 6, 2007, at 10:30 AM, Hector Santos wrote:

> Steve Atkins wrote:
>> Bill Oxley observed across threads "When it comes to discussing
>> SSP I hear a lot of noise with very little reason to implement or use
>> except in a few specific cases like highly phished sites."
>> There's a long discussion to be had there, which starts with me
>> asking "Well, what's your threat model?" and would ideally follow
>> with "So, given this framework, what is your attack tree, and how
>> does SSP help thwart it?", but when I've tried to have that
>> discussion in the past it's not gone anywhere productive
>
> Steve, were you not involved in the lengthy threat analysis  
> discussions and production of RFC 4686?

The vast majority of that discusses threats against DKIM
in particular, primarily a rehash of the normal attacks
against PKI and DNS.

What I'm talking about is "the general threat that SSP is
intended to counter", which is a completely different,
and mostly unrelated thing (though I suspect that part
of the attack tree would involve the issues discussed
there). I've not seen that discussed in any clear, let
alone formal, manner, I don't think.

Cheers,
   Steve


