On Thu, 2005-08-11 at 15:40, Stephen Kent wrote: > I thought that what Russ asked for was not a threat analysis for > DKIM, but a threat analysis for Internet e-mail, the system that DKIM > proposes to protect. The idea is that only if we start with a > characterization of how and why we believe adversaries attack e-mail, > can we evaluate whether any proposed security mechanism, e.g., DKIM, > is appropriate, relative to that threat analysis. I wasn't at the MASS BoF so I'm likely missing context here. It's been quite clear for a while that many of the proposals for securing Internet e-mail have fallen flat specifically when they've run into disagreements about the threat model. So an effort to come up with a consensus threat analysis sounds like a very good idea. It might even be worthy of a working group of its own as it would likely be useful as a base for more than just the MASS/DKIM work. - Bill _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf