,----
|1.2. Document Structure
|...
|
| The sections dealing with attacks on DKIM each begin with a table
| summarizing the postulated attacks in each category along with their
| expected impact and likelihood. The following definitions were used
| as rough criteria for scoring the attacks:
|
| Impact:
|
| High: Affects the verification of messages from an entire domain or
| multiple domains
'____
It is not clear what is meant by "affects verification of messages."
The verification process depends only upon the integrity of the
network infrastructure. The threat document should consider the
impact upon the classification of a domain's messages. Even when a
private key is compromised, the verification process still passes
valid messages. The threat review indicates a compromised key as
causing a high impact. One could conclude this impact results when
messages from a bad actor accrue to the exploited domain.
The introduction offers these possible uses of DKIM.
,----
| Once the attesting party or parties have been established, the
| recipient may evaluate the message in the context of additional
| information such as locally-maintained whitelists, shared reputation
| services, and/or third-party accreditation.
'____
A threat document should consider how an exploit might affect these
uses of DKIM.
Change:
"Affects the verification of messages..."
to
"Affects the classification of messages..."
-Doug
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf