On Sat, Dec 31, 2022 at 10:44 PM Wei Chuang <weihaw= 40google....@dmarc.ietf.org> wrote: > I'm worried about duplicating work unnecessarily as the M3AAWG has an email authentication BCP. If the WG to-be indeed does want to generate the BCP, perhaps the M3AAWG document can be the basis for an IETF document assuming M3AAWG is okay with that, or the WG can partner with M3AAWG to produce a common document. I think both are possible as there's a fair amount of people overlapping between the IETF and M3AAWG, and I know that M3AAWG organizationally wants to help here.
I believe there's a revision underway for the general M3AAWG auth BCP doc, which will include a handful of sender-focused recommendations for reducing the viability of replay attacks. There is also a DKIM replay specific M3 BCP doc in progress with more in-depth recommendations.
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim