On Tue, Jan 3, 2023 at 4:04 PM Michael Thomas <m...@mtcc.com> wrote:

> Yet another reason why I'm skeptical. If there were a viable protocol
> solution to this, why hasn't M3AAWG found it? Why re-spin up a working
> group with what appears to be a greenfield solution space if an active
> industry working group hasn't chimed in? If there were some viable protocol
> solution, I would expect they would at least put it forward. Working groups
> are infinitely more productive if there is some collective agreement about
> the general parameters of a solution, even if the particulars need to be
> vetted. The couple of solutions I've seen thus far are either trivially
> breakable (= stripping signatures at MDAs), or frightening to contemplate
> what they'd break (= tying envelope to message). That doesn't give me the
> warm fuzzies about any protocol level solution.
>
> Also: if they are indeed working on a BCP, it would be far better to use
> that as input rather than reinventing wheels.
>
While I wouldn't presume to speak for M3AAWG, and although some M3AAWG work
products have been used as inputs to the IETF process (such as RFC 6449, to
cite but one example), and although there are many people that are active
both in M3AAWG and the IETF, it's my sense that M3AAWG doesn't see itself
as a body that proposes changes to existing protocols. Rather, I've always
seen M3AAWG as an organization that primarily figures out the best way to
make use of existing protocols and publishes documents describing those
best uses in the fight against messaging and other abuse.

I'm not at liberty to speak about the content of current M3AAWG work on the
topic of DKIM replay attacks or what direction that work has taken, but
everything I've seen so far has been recommendations to do things already
permitted by the protocols in existence, recommendations that have almost
certainly been implemented by a number of M3AAWG member companies. Those
recommendations are not bulletproof, however, and so people have come here
to see if there might be a forum for defining updates to the DKIM protocol
that might make it more resistant to replay attacks.

-- 

*Todd Herr* | Technical Director, Standards and Ecosystem
*e:* todd.h...@valimail.com
*m:* 703.220.4153

_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
