Doug, I have done my best to try to understand what you are getting at here, with limited success. One main comment though:
The threat document is an analysis of DKIM, not systems that encompass DKIM in concert with other mechanisms such as SenderID, SPF, and CSA. If there is anyone else on the list who feels that this should be looked at more closely, please speak up. Otherwise, I will assume that there is a lack of consensus on this change (although I will leave it to the WG chairs to formally make that determination). -Jim Douglas Otis wrote: > Based upon the feedback offered by Frank, this section has been > revised to offer more concise statements related to threats. As Frank > and Jim have pointed out, other concurrent strategies may be needed to > defend DKIM when used as a basis for acceptance. This review focused > upon the scope of the message used to assess bad acts, and explored > risks related to those aspects of the message not protected by the > DKIM signature. This reviews defensive strategies using message > envelope and DKIM based information. _______________________________________________ NOTE WELL: This list operates according to http://dkim.org/ietf-list-rules.html
