This might be a concise and accurate statement of what DKIM is trying to do , but it's not a good basis with which to start a threat analysis. If you try to use it as a basis for a threat analysis you will be trying to define the problem in terms of a proposal for a solution.
For comparison, if you're trying to do a threat analysis of your local network, you don't do so by looking at the feature list of a particular vendor's firewall (or if you do , you deseve to be attacked...). You start by listing the assets you want to protect, the kinds of harm you want to protect yourself against, and you get part of the latter by trying to anticipate the motiviations of potential attackers. Then you try to enumerate the attack paths. Finally you try to come up with countermeasures for each of those. Only then do you start looking at products to determine to what extent each of them covers the threats you have identified. Keith > I think what you wrote is concise and compelling. As you say, not > exactly a threat analysis, but I imagine it could go there. > > Eliot _______________________________________________ ietf-dkim mailing list http://dkim.org
