On 12/12/22 4:57 PM, Grant Taylor wrote:
> On 12/11/22 8:34 AM, Dave Crocker wrote:
>> I think a simple -- and hopefully not too simplistic -- question to
>> consider in the context of replay and other misuses of DKIM, is when
>> is it reasonable to make a fresh validation effort invalid? When
>> should a random, remote agent no longer be able to 'validate' the
>> signature?
>
> I'd like to draw an analogy to S/MIME signatures on messages.
> Specifically, is the signature of a signed message that validates
> today supposed to fail tomorrow just because of the relatively short
> intervening time when the signing S/MIME certificate expired?
>
> Also, consider the scenario where a signature validates yesterday, but
> will be rejected next week after I revoke the signing certificate
> today. There is value in re-checking signatures /after/ delivery,
> specifically to subsequently check for revocation /after/ delivery.
>
> I don't know if the concept of my analogy is directly applicable to
> DKIM signatures, but I think it's in the ballpark.

Note that in both cases it requires the good will of the receiver (or
client in the web case). We already have the equivalent of expired certs
with the x= option. If senders are concerned about this, there is
already a solution in the current specs.
Mike
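
The x= option mentioned above is the signature expiration tag of RFC 6376. As an added example (not part of the original thread), this sketch shows how a verifier that chooses to honor x= would treat a fresh validation attempt at different times; the header value, function names and the `skew` parameter are constructed for illustration.

```python
import re
import time

# Constructed DKIM-Signature header value: signed at t=, expires 7 days later.
SAMPLE = ("v=1; a=rsa-sha256; d=example.com; s=sel1; t=1670800000; "
          "x=1671404800;\r\n\th=from:to:subject; bh=AAAA; b=BBBB")

def parse_tag_list(header_value):
    """Parse a DKIM tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if not part.strip():
            continue  # a trailing ";" is allowed
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        name = name.strip()
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        # Drop folding whitespace; t= and x= carry no meaningful whitespace.
        tags[name] = re.sub(r"\s+", "", value)
    return tags

def expiry_status(header_value, now=None, skew=0):
    """Return 'no-expiry', 'valid', 'expired' or 'malformed' for the x= tag."""
    now = int(time.time()) if now is None else now
    try:
        tags = parse_tag_list(header_value)
    except ValueError:
        return "malformed"
    x, t = tags.get("x"), tags.get("t")
    if x is None:
        return "no-expiry"  # signer set no expiration
    number = re.compile(r"[0-9]{1,12}")
    if not number.fullmatch(x) or (t is not None and not number.fullmatch(t)):
        return "malformed"
    if t is not None and int(x) <= int(t):
        return "malformed"  # RFC 6376: x= MUST be greater than t=
    # skew (seconds) is a local-policy allowance for clock drift (assumption).
    return "expired" if now > int(x) + skew else "valid"

if __name__ == "__main__":
    for when in (1671000000, 1671404801):
        print(when, expiry_status(SAMPLE, now=when))
```

The cryptographic check itself is unchanged by x=; whether an expired signature is treated as invalid remains the receiver's decision.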