John Levine wrote: > RFC 3833 already has a threat analysis of the DNS. Please, > let's just point to that and be done with it.
+1 It would obscure real issues in threats-01 if all details of doing interesting things with DNS are analyzed. We can pick an obvious worst case like "evil name server" as example, say that DKIM isn't DNSSEC or ICANN or what else, point to some relevant documents, and then focus on the real DKIM threats: So far that's apparently replay, and attack from the inside. As worst case their combination into "chosen message replay". "Stolen key" and similar oddities are less relevant. Bye _______________________________________________ NOTE WELL: This list operates according to http://dkim.org/ietf-list-rules.html
