On 14/11/22 20:07, Wei Chuang wrote:

> On Sun, Nov 13, 2022 at 8:50 PM Roland Turner
> <roland=40rolandturner....@dmarc.ietf.org> wrote:
>
>> On 13/11/22 03:05, Wei Chuang wrote:
>>
>>> On Fri, Nov 11, 2022 at 11:17 PM Roland Turner
>>> <roland=40rolandturner....@dmarc.ietf.org> wrote:
>>>
>>>> 1. Unless one or more of the larger receivers (a) has a
>>>> useful tool to help with this problem, and (b) is willing
>>>> to share operational experience, then we risk creating
>>>> yet another lengthy, academic exercise (remember ADSP?).
>>>> I'd suggest that this might be enough reason by itself
>>>> not to proceed.
>>>
>>> See the dispatch slides here
>>> <https://datatracker.ietf.org/meeting/115/materials/slides-115-dispatch-dkim-replay-problem-and-possible-solutions>
>>> for operational experience and impact for at least Gmail and Fastmail
>>> (the presenters). See the introduction.
>>
>> Thanks, but that deck appears to contain no information about
>> operational experience or impact for either organisation, it
>> merely describes the attack and surveys the proposed improvements
>> to defences. Also, while Bron's role at Fastmail is clear, your
>> own involvement with Google's receiving of email is not: are you
>> in fact part of Google's email abuse control function?
>
> Yes. As to my role in this, I am a Gmail delivery team lead with
> responsibility over the email authentication systems. The
> introduction in that slide deck represents the consensus description
> between the anti-abuse and delivery teams with feedback from Bron and
> others as to the behavior and impact of DKIM replay, and was based on
> a longer version presented at the M3AAWG 56 BoF that was shortened to
> fit into the allotted time for Dispatch. I can also say that Gmail is
> very interested in seeing a DKIM replay solution be developed in the
> IETF. Depending on how this goes, if the solution is technically
> sound and feasible, yes we will invest in prototyping the specification.

Understood, and thanks for clarifying. That addresses my concern, so
long as "delivery team" and incoming protection teams talk!

My hope is of course that your presence in the WG will help remove the
risk of a non-sound/feasible solution being adopted.

- Roland
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim