On Mon, Dec 12, 2022 at 5:03 PM Michael Thomas <m...@mtcc.com> wrote:
> Note that in both cases it requires the good will of the receiver (or > client in the web case). We already have the equivalent of expired certs > with the x= option. If senders are concerned about this, there is > already solution in the current specs. > At a recent meeting where I heard some mass senders talk about this problem, the use of "x=" as a mitigation technique was raised. I was curious to know what their experience was in terms of (a) success overall, but also (b) how broadly they found "x=" to have been properly implemented by receivers. I have to admit that was some months ago and now I forget the answer; maybe someone else who was there can fill in that blank. But I'm not sure that "x=" by itself is enough, given that it takes only a matter of seconds for the attack to succeed, and it seems unlikely to me that the "t=" and "x=" values would ever be that close together. -MSK
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim