Alternative draft charter text:

   DomainKeys Identified Mail (DKIM, RFC 6376) associates a validated identifier with a 
message. This aids receiver assessment of the message flow using that identifier, 
improving reputation development and abuse detection.  A DKIM-signed message can be 
re-posted, to additional recipients, in a fashion that retains the original signature. 
With an author and a recipient collaborating, this can "replay" the message, 
using the original signer's reputation to propagate email with problematic content -- 
spam, phishing, and the like.

   Generally, the technical characteristics of this form of abuse match those of 
legitimate mail, making its detection or prevention challenging. Timestamps and 
carefully-tailored message signing conventions are appealing approaches to 
replay mitigation.  Each has significant limitations.

   The working group will develop technical specifications that describe 
abusive replay scenarios and provide mechanisms for detecting or preventing 
them.


It is always tempting to add quite a lot of commentary to a working group charter.  The challenge is to make sure that the commentary is technically correct and important to a charter, rather than a more general discussion.  For example, it used to be helpful to include reference to the initial drafts providing input to the effort, but current WG datatracker capabilities make that unnecessary.

d/


--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
