On Mon, Dec 12, 2022 at 5:03 PM Michael Thomas <m...@mtcc.com> wrote:

> Note that in both cases it requires the good will of the receiver (or
> client in the web case). We already have the equivalent of expired certs
> with the x= option. If senders are concerned about this, there is
> already a solution in the current specs.
>

At a recent meeting where I heard some mass senders talk about this
problem, the use of "x=" as a mitigation technique was raised.  I was
curious to know what their experience was in terms of (a) success overall,
but also (b) how broadly they found "x=" to have been properly implemented
by receivers.  I have to admit that was some months ago and now I forget
the answer; maybe someone else who was there can fill in that blank.

But I'm not sure that "x=" by itself is enough, given that it takes only a
matter of seconds for the attack to succeed, and it seems unlikely to me
that the "t=" and "x=" values would ever be that close together.

-MSK
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
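
The "t="/"x=" point raised in the message above, as an added example that is not part of the original thread: a verifier-side expiry check on a DKIM-Signature value, showing that a message re-sent seconds after signing still falls inside the window. The header, its 7-day window and the function names are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): x= is t= plus 7 days.
SAMPLE_SIG = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;\r\n"
    "\tt=1670893380; x=1671498180; h=from:to:subject:date;\r\n"
    "\tbh=PLACEHOLDER; b=PLACEHOLDER"
)

def parse_tags(value):
    """Split a DKIM-Signature value into a {tag: value} dict (RFC 6376 tag-list)."""
    tags = {}
    for item in value.split(";"):
        if "=" not in item:
            continue  # trailing ';' or blank segment
        name, _, val = item.partition("=")
        # Folding whitespace is not significant inside these tag values.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def expiry_status(value, now):
    """Classify a signature at verification time `now` (Unix seconds)."""
    tags = parse_tags(value)
    t = int(tags["t"]) if tags.get("t", "").isdigit() else None
    x = int(tags["x"]) if tags.get("x", "").isdigit() else None
    if x is None:
        return "no-expiry"      # signer set no x=, so there is nothing to enforce
    if t is not None and x <= t:
        return "malformed"      # RFC 6376: x= must be greater than t=
    if now > x:
        return "expired"
    return "within-window"

def replay_window(value):
    """Seconds during which a captured signed message still passes the x= check."""
    tags = parse_tags(value)
    return int(tags["x"]) - int(tags["t"])

if __name__ == "__main__":
    signed_at = 1670893380
    for label, delay in [("30 seconds", 30), ("1 hour", 3600), ("8 days", 8 * 86400)]:
        print(label, "after signing:", expiry_status(SAMPLE_SIG, signed_at + delay))
    print("window:", replay_window(SAMPLE_SIG), "seconds")
```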
