I very much disagree with everything the above poster said. Deniability is a default property of all e2ee messaging apps; it’s both surprising and disheartening that email — a largely unencrypted medium — fails to provide deniability for its users. If we said that signal was behaving this way, or TLS, or any other e2ee protocol, we’d be up in arms.
==Mike > On Dec 6, 2022, at 12:11 PM, Michael Thomas <[email protected]> wrote: > > > Murray wrote: > > >> Post-delivery survival of the signature is not only not a goal, it is > >> arguably (or possibly demonstrably) a problem. > > > > Can we say more about this if we're going to take that position? A naked > > "not a goal" doesn't jive with RFC 4686, which explicitly says it is a > > goal, or at least that it was one. > > > I guess that means it comes down to making an argument about what > > experience has shown us: Does Barry's use case, plus the Thunderbird > > plug-in use case, together carry more weight than the perceived problem > > that replay causes? > > > Also, a reminder that the WG hasn't actually rechartered yet; maybe some of > > these debates should wait until that's happened. > > > I completely disagree with the notion that signatures should be removed. I > don't recall it ever being discussed one way or the other, so saying that it > is "not a goal" is just a bald assertion. Having the signature survive has > forensic value, for better or worse. Yes, and there is "for better" too. Not > to mention that MUA's have a stake in this too. Nothing requires MDA's to > create an Auth-Res header, for example. Plus there is information in the > signature header that can be useful for MUA's. > > Also: this is clearly BCP material that everybody is free to ignore. There > are no interoperability considerations. > > This working group should go back to sleep. > > Mike > > _______________________________________________ > Ietf-dkim mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ietf-dkim
_______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
