threat modeling & use cases (was RE: [ietf-dkim] Tracing SSP's paradigm change
Steve Atkins
steve at blighty.com
Thu Dec 6 22:51:23 PST 2007
On Dec 6, 2007, at 10:36 PM, Scott Kitterman wrote:
> On Friday 07 December 2007 00:46, Steve Atkins wrote:
>
>> The first step would be a group consensus on what the threats
>> are ("what SSP is supposed to be for"), or at least a superset of
>> what most people think.
>>
>> Anyone? Bueller?
>>
> I, for one, feel like we did this in great depth during and before the
> requirements development. My suggestion would be to look to the work we've
> already done and refresh your memory on the established consensuses.
I recall two suggestions from there. Neither was considered in any
depth.

1. Domain forgery. That's not a "threat". It's an intermediate step,
   at most.
2. Phishing.

So that's.... one.

Got any others?
Cheers,
Steve