----- Original Message -----
From: "Jim Fenton" <[EMAIL PROTECTED]>
To: "Stephen Farrell" <[EMAIL PROTECTED]>

> I agree that's a motivation (and that motivation or the
> lack thereof shouldn't be a factor in what we document). But
> hopefully the bribery part is out of scope, otherwise we will
> have a _very_ long list of threats.

The threat analysis should be realistic and exhaustive. That does not suggest each could be addressable by the protocol. But it needs to be itemized and highlighted.

For example, in a complete threat analysis, bribery simply highlights one form of private key and password entry point exploit. The trusted agents such as the DNS admin, Sysops, Co-Sysops, the domain owner are all "people of interest", including the compromised protected assets such as the private key storage machine and/or signing server.

So how can private keys/passwords be compromised?

- Bribery (Black Market) is possible
- DKIM Spyware on trusted agents' machines
- DKIM SMTP proxies on signing machines (SMTP outbound server)

And others?

So even if the DKIM protocol itself has no inherent algorithm to address private key/password entry point exploits, its risk and potential should be itemized and assessed. This will provide operators the opportunity to understand the risk and allow them to organize an internal security plan. It can also promote R&D for future inventors to find an automated solution or one that detects and minimizes the exploit.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

_______________________________________________
ietf-dkim mailing list
http://dkim.org
