> On October 12, 2005 at 16:49, Ned Freed wrote:
> > > * 6.3 should mention the use of complementary technologies, or
> > > possible extensions to DKIM. To provide protection against replay
> > > as it is happening, envelope-based technologies will need to be
> > > employed. I'm not sure that systems that rely on reacting to the
> > > attack after it has happened will be effective enough in deterring
> > > attackers.
> >
> > I really don't think we should be discussing additional technologies
> > here.
> I agree that the WG should not try define these additional
> technologies. However, from security analysis perspective, such
> technologies may need to be mentioned to adequately address a specific
> attack, especially if such an attack will deter people from adopting
> DKIM or make DKIM ineffective in achieving its goals.
> For example, there seems to be no problem in mentioning DNSSEC as a
> technology for dealing with some DNS-based attacks. We should not
> prohibit ourselves from doing the same with replay and other forms
> of attacks.
I have no problem wit doing so as long as the additional technology is
already defined. My understanding of what you're proposing is to discuss
threats in the context of facilities that haven't been defined yet. I continue
to think this is a mistake.
Ned
_______________________________________________
ietf-dkim mailing list
http://dkim.org
