On October 12, 2005 at 16:49, Ned Freed wrote: > > * 6.3 should mention the use of complementary technologies, or > > possible extensions to DKIM. To provide protection against replay > > as it is happening, envelope-based technologies will need to be > > employed. I'm not sure that systems that rely on reacting to the > > attack after it has happened will be effective enough in deterring > > attackers. > > I really don't think we should be discussing additional technologies > here.
I agree that the WG should not try define these additional technologies. However, from security analysis perspective, such technologies may need to be mentioned to adequately address a specific attack, especially if such an attack will deter people from adopting DKIM or make DKIM ineffective in achieving its goals. For example, there seems to be no problem in mentioning DNSSEC as a technology for dealing with some DNS-based attacks. We should not prohibit ourselves from doing the same with replay and other forms of attacks. --ewh _______________________________________________ ietf-dkim mailing list http://dkim.org
