threat modeling & use cases (was RE: [ietf-dkim] Tracing SSP's paradigm change
Steve Atkins
steve at blighty.com
Thu Dec 6 21:46:48 PST 2007
On Dec 6, 2007, at 9:31 PM, J D Falk wrote:
> Steve Atkins wrote:
>
>> There's a long discussion to be had there, which starts with me asking
>> "Well, what's your threat model?" and would ideally follow with "So,
>> given this framework, what is your attack tree, and how does SSP help
>> thwart it?", but when I've tried to have that discussion in the past
>> it's not gone anywhere productive.
>
> At the meeting on Tuesday, I suggested that one way to settle the d= vs.
> i= debate would be to document the many overlapping yet divergent likely
> use cases -- and was promptly asked to do so. Hooray for volunteerism!
>
> I think the threat modeling may be yet another instance where we're all
> talking past each other because we have different threats in mind, so
> (unless there's stringent objection) I'm going to include
> threats/concerns in that document as well.

The first step would be a group consensus on what the threats
are ("what SSP is supposed to be for"), or at least a superset of
what most people think.

Anyone? Bueller?

Cheers,
Steve