Alternative draft charter text:

Domain Keys Identified Mail (DKIM, RFC 6376) associates a validated identifier with a
message. This aids receiver assessment of the message flow using that identifier,
improving reputation development and abuse detection. A DKIM-signed message can be
re-posted, to additional recipients, in a fashion that retains the original signature.
With an author and a recipient collaborating, this can "replay" the message,
using the original signer's reputation to propagate email with problematic content --
spam, phishing, and the like.

Generally, the technical characteristics of this form of abuse match those of
legitimate mail, making its detection or prevention challenging. Timestamps and
carefully-tailored message signing conventions are appealing approaches to
replay mitigation. Each has significant limitations.

The working group will develop technical specifications that describe
abusive replay scenarios and provide mechanisms for detecting or preventing
them.

It is always tempting to add quite a lot of commentary to a working
group charter. The challenge is to make sure that the commentary is
technically correct and important to a charter, rather than a more
general discussion. For example, it used to be helpful to include
reference to the initial drafts providing input to the effort, but
current wg datatracker capabilities make that unnecessary.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social