On February 4, 2023 8:38:46 AM UTC, "Murray S. Kucherawy" <superu...@gmail.com>
wrote:
>On Thu, Feb 2, 2023 at 3:26 PM Michael Thomas <m...@mtcc.com> wrote:
>
>> I guess my concern is more along the lines of what solutions *aren't*.
>> There are a bunch of drafts trying to tie the envelope to the email and I
>> think there needs to be a meta discussion of whether that is a good idea or
>> not in general. Frankly that seems like an email architecture question not
>> just a DKIM question. It would be nice to know if there is precedent for
>> that in the larger community and what the implications are. Fwiw, I don't
>> really consider the DMARC "alignment" as tickling the larger question
>> because all it is doing is reporting on it, but a case could certainly be
>> made that it is.
>>
>
>For what it's worth, the proposals that seek to offer a binding between the
>envelope and the message aren't making any sort of mandatory change to
>DKIM. It's entirely optional to the signer whether to make that connection
>using one of those proposals; conventional DKIM isn't being taken off the
>table. For instance, the idea I put forward suggests using two signatures,
>one that makes the binding and a typical one that does not. Such a tactic
>would leave the original signal about a message intact while possibly
>providing more, which seems to me to be strictly an improvement.
While literally true, I don't think it's accurate (if you assume the proposal
gets significant uptake).
If such a proposal gets a lot of traction, then the lack of such an additional
signature becomes a negative sign about the message, which damages a lot of
indirect mail flows. If this isn't the case, then there's no value in the
additional signature.
Without some way to distinguish 'good' replay, from 'bad', there will
inevitably by negative side effects.
I've yet to see a description of the problem that's distinguishable from a
mailing list that preserves DKIM signatures.
Scott K
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
