threat modeling & use cases (was RE: [ietf-dkim] Tracing
SSP'sparadigm change
Steve Atkins
steve at blighty.com
Wed Dec 12 17:42:49 PST 2007
On Dec 12, 2007, at 5:31 PM, J D Falk wrote:
> Steve Atkins wrote:
>
>> The first step would be a group consensus on what the threats are
>> ("what SSP is supposed to be for"), or at least a superset of what
>> most people think.
>
> Actually, I think that's the LAST step. My hypothesis is that
> different
> types of signers and/or verifiers (different use cases) perceive
> different threats.
Well, without knowing what threats SSP is supposed to mitigate, it's
impossible to start analyzing how well it does so. So identifying the
threats
certainly can't be the last step, and I can't actually think of anything
that comes before that.
Where would you start?
Cheers,
Steve
More information about the ietf-dkim
mailing list