On Dec 12, 2007, at 5:31 PM, J D Falk wrote:
Steve Atkins wrote:
The first step would be a group consensus on what the threats are
("what SSP is supposed to be for"), or at least a superset of what
most people think.
Actually, I think that's the LAST step. My hypothesis is that
different
types of signers and/or verifiers (different use cases) perceive
different threats.
Well, without knowing what threats SSP is supposed to mitigate, it's
impossible to start analyzing how well it does so. So identifying the
threats
certainly can't be the last step, and I can't actually think of anything
that comes before that.
Where would you start?
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html