>Playing around with ideas here. This one removes the "l=0" signature stuff >and instead makes DKIM-Delegate into a more self-contained thing, which I >believe was suggested (or at least inspired) by Stephen's comments. There >is still the potential for abuse during the ephemeral relationship period >(i.e., prior to expiration), but it it is now an indirect attack on the >author domain rather than a direct one. Perhaps that's more palatable in >this scenario. > >Comments welcome.
This looks an awful lot like my draft-levine-cdkim-00 and draft-levine-dkim-conditional-00 except that mine has more bits of DKIM in the cdkim signature so it can sign To and From to limit the range of spoofage. R's, John _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc