Preference should be given to the author domain's explicitly authorized 
resigners, however that black box functionality is achieved. Currently, there 
are three DNS-based authorization proposals on the table. From Murray's 
follow-up comments, the DKIM-delegate is basically an optimizer to avoid doing 
a lookup. If this can address the basic protocol fault failures the DNS lookup 
proposals address, then I would like to see how that is done. I plan to study the 
draft more.

The most basic protocol fault is when no signatures, no extra new headers are 
available -- the legacy operation. Here the lookup is required.  If not, the 
bad guy loophole is simply to remain in legacy mode.  They don't need to think 
about trying to find a fake signature.

--
Hectorb Santos
http://www.santronics.com


> On Jun 10, 2014, at 10:25 AM, Dave Crocker <dcroc...@gmail.com> wrote:
> 
>> On 6/10/2014 4:19 PM, Murray S. Kucherawy wrote:
>>    Yes but are you assuming you only put the weak DKIM signature, when
>>    you specifically know you are emailing a mailing list?
>> 
>>    Or what about a receiver which is not a mailing list? You are just
>>    allowing better replay of the message, if you put any weak DKIM
>>    signature in the message... Unless the weak DKIM signature is
>>    constrained to a specific usage.
>> 
>> 
>> You're constraining it to use by a specific, very small set of domains,
>> and only for a limited time.
> 
> 
> Then again, let's note that this double-signed mail is going to show up
> at some receivers that don't know about DKIM-delegate.
> 
> The underlying point needs to be that a receiver that is faced with
> multiple signatures for the same domain needs some assessment of which
> is the 'strongest' and to give that one the preference.
> 
> d/
> 
> -- 
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net
> 
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
> 