On Mon, Nov 14, 2022 at 11:03 AM Alessandro Vesely <ves...@tana.it> wrote: > > On Mon 14/Nov/2022 05:50:42 +0100 Roland Turner wrote: > > I'd point out that all but one of those things is either redundant (vs. say > > ARC), unacceptably harmful (we use DKIM *in the first place* to facilitate > > forwarding outside of the domain-registrant/sender's control), or both. > > +1, Scott is right when he says DKIM is working as designed.
Well, yes and no. It is working as designed in that it was not explicitly designed to prevent replay other than through the x= tag. But as one of several people in this discussion who took part in the design, I can tell you that replay was absolutely considered, that we *wanted* to do more to prevent replay, and that *allowing* replay is definitely not "working as designed". We spent quite a bit of time looking at how we could deal with replay, but given what we knew and what our constraints were at the time (and the importance we thought replay attacks would have), we couldn't come up with something we thought was workable. We hoped that the problem would be minimal and that x= would be enough. We now have more experience, a better sense of which use cases and features are more important and which are less so, more awareness of how serious the problem is, different people with new ideas, and so on. I'm on the fence about the current proposals and have to think about and consider them more. I am NOT on the fence about the need to consider them -- and other possible solutions -- and to discuss and decide on a way forward. That's what this proposed working group is for. If you think that nothing should be changed and every proposed solution breaks more than it fixes, that's a perfectly reasonable view and one that needs to be part of the working group's consideration. I DON'T think that means that we shouldn't have the working group and have the discussion. Barry _______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
