On Tue 06/Dec/2022 22:52:33 +0100 Michael Thomas wrote:
> I think that any charter should specifically call out the need for a problem statement. The problem is far more nuanced than the few lines in the proposed charter and I think that the charter should be neutral about whether the problem can be solved because that isn't clear at all. Doing something to do something is how the ARC abomination came about, and we don't need to repeat that kind of behavior.
ARC is a good forwarding tool. Its semantics differ from DKIM's as it implies no claim of responsibility. So it allows an MTA to forward a message as is, according to the user's wishes, without bothering about the receiver's policy. That is, for example, if you don't enforce DMARC the receiver is still able to apply DMARC policies using trusted SPF results. In order to override DMARC policies, IMHO, the forwarder should be whitelisted by the recipient: an activity that could be automated, since forwarding to a different recipient requires prior agreement.
A problem statement is draft-chuang-dkim-replay-problem. It can be bettered, for example by describing specific cases' actual volumes, involvement, damage and remedies.
> In particular it needs to lay out the problems caused by the specific use case and how they overlap with legitimate use cases, and how complete that overlap is. It should also explore if there are ways to mitigate it with tools other than DKIM. Like for example, why is the sending domain signing spam in the first place?
Very much agreed, but that is still a DKIM question.
> That should be the only deliverable from the wg along with an evaluation of whether the problem is tractable. If it is tractable, the wg should recharter with a plan of how to implement it.
Murray said it goes without saying that WGs can fail.
Best
Ale
--
Ietf-dkim mailing list
https://www.ietf.org/mailman/listinfo/ietf-dkim
