On 11/26/2022 5:38 PM, Jim Fenton wrote:
> Not Safe: It’s not safe because it breaks Barry’s use case above, and others have pointed out MUA usage of the signature.
DKIM signature survival after delivery is not a goal for DKIM. If you feel otherwise, you are seeking an expansion of DKIM's purpose.
> Not Effective: Attackers can easily circumvent this by running their own MX (if they don’t do that already) as Laura and others have pointed out.
"Easily" is easy to say, but often difficult to measure or, at least, get consensus on.
The difference between being able to use an established receiving site, for the conduct of the replay, versus having to have one's own receiving site, is not zero expense or effort.
By way of example, open SMTP relays were deemed unacceptable. And they still are. Broadly speaking, having receivers remove the DKIM signature is a version of the same design thinking.
Or perhaps you think open relays are ok, since, after all, attackers can easily circumvent this?
> We should move on to better ideas.
Or, we might have thoughtful discussion, that engages carefully with the substance, before discarding suggestions.
d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social

_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim