+1

With 5617 was the DKIM=ALL policy - anyone can sign. Offered no authorization protection.
dkim=discardable offers 1st party signing protection — just like DMARC offers. Both failed in validating the 3rd party signer.

All the best,
Hector Santos

> On Feb 8, 2024, at 11:26 AM, Jim Fenton <fen...@bluepopcorn.net> wrote:
>
> On 6 Feb 2024, at 14:47, Murray S. Kucherawy wrote:
>
>> On Tue, Feb 6, 2024 at 2:33 AM Jeroen Massar <jeroen=40massar...@dmarc.ietf.org> wrote:
>>
>>> `req=dkim`: requires DKIM, messages not properly signed are then to be
>>> rejected/quarantined based on 'p' policy.
>>>
>>
>> This sounds like what RFC 5617 tried to do, minus the constraint that the
>> signing domain be equal to the author domain, which is one of the key
>> pieces of DMARC. Isn't this a pretty big scope expansion?
>
> For the record, RFC 5617 did constrain the signing domain to be the author
> domain. From Sec. 2.7:
>
>> An "Author Domain Signature" is a Valid Signature in which the domain name
>> of the DKIM signing entity, i.e., the d= tag in the DKIM-Signature header
>> field, is the same as the domain name in the Author Address.
>
> -Jim
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
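The Author Domain Signature test quoted from RFC 5617 Sec. 2.7 in this thread, written out as an added Python example (not code from the thread or any of its participants). It assumes a single Author Address, that `verified_domains` holds the d= values whose signatures a DKIM verifier has already validated, and a constructed sample message; the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: one first-party and one mailing-list (third-party) signature.
SAMPLE = """\
From: Alice <alice@example.com>
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;
 h=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED
DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.net; s=ml;
 h=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED
Subject: test

body
"""

def dkim_tags(header_value):
    """Split a DKIM-Signature tag-list (possibly folded) into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags

def author_domain(msg):
    """Domain of the Author Address, i.e. the address in the From header."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify_signatures(raw_message, verified_domains):
    """Label each signature by comparing its d= tag with the author domain.

    Assumption: verified_domains comes from a real DKIM verifier; no
    cryptographic check is performed here.
    """
    msg = message_from_string(raw_message)
    author = author_domain(msg)
    labels = []
    for header in msg.get_all("DKIM-Signature", []):
        d = dkim_tags(header).get("d", "").lower().rstrip(".")
        if d not in verified_domains:
            label = "unverified"        # not a Valid Signature
        elif d == author:
            label = "author-domain"     # same domain as the Author Address
        else:
            label = "third-party"       # valid, but signed by another domain
        labels.append((d, label))
    return author, labels

if __name__ == "__main__":
    print(classify_signatures(SAMPLE, {"example.com", "lists.example.net"}))
```
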