----- Original Message ----- From: "Dave Crocker" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Wednesday, August 17, 2005 11:40 AM Subject: Re: [ietf-dkim] Not exactly not a threat analysis
> Folks, > > On reviewing this thread, I find myself with two, basic questions: > > * How is this thread helping the group agree on a Threat Analysis? Threat analysis takes high dedicated work. From a community standpoint, I provided a basic outline to start. http://mipassoc.org/pipermail/ietf-dkim/2005q3/000128.html How do you wish to proceed? Question: Why isn't YAHOO/CISCO paying for the effort? i.e. Assign an engineer or out-source the project. They have the resources to do this. Like I said, it takes a lot of dedicated work and furthermore, it relies on a detail threat analysis for the current sub-systems, namely, RFC x281 and RFC x822. > * How is this thread helping the group get chartered? Well, in my view, it seems that its becoming clear that DKIM is not a general-purpose email authentication system, or stated differently, has a dedicated purpose. That dedicated purpose seems to be: - Exclusive domain signing/authentication only, and - Can not be used for *all* mailing list distributing methods. I don't think you can plug the loopholes in SMTP/822 with a new 2822 based protocol that has its own set of relaxed provisions (loopholes). -- Hector Santos, Santronics Software, Inc. http://www.santronics.com _______________________________________________ ietf-dkim mailing list http://dkim.org
