On 2/4/23 12:38 AM, Murray S. Kucherawy wrote:
On Thu, Feb 2, 2023 at 3:26 PM Michael Thomas <m...@mtcc.com> wrote:
I guess my concern is more along the lines of what solutions
*aren't*. There are a bunch of drafts trying to tie the envelope
to the email and I think there needs to be a meta discussion of
whether that is a good idea or not in general. Frankly that seems
like an email architecture question not just a DKIM question. It
would be nice to know if there is precedent for that in the larger
community and what the implications are. Fwiw, I don't really
consider the DMARC "alignment" as tickling the larger question
because all it is doing is reporting on it, but a case could
certainly be made that it is.
For what it's worth, the proposals that seek to offer a binding
between the envelope and the message aren't making any sort of
mandatory change to DKIM. It's entirely optional to the signer
whether to make that connection using one of those proposals;
conventional DKIM isn't being taken off the table. For instance, the
idea I put forward suggests using two signatures, one that makes the
binding and a typical one that does not. Such a tactic would leave
the original signal about a message intact while possibly providing
more, which seems to me to be strictly an improvement.
There are architectural ramifications regardless of whether it's
mandatory or not. It would be a lot more reassuring if this were a
common and accepted practice. I don't know the answer to that. If it's
uncommon, there needs to be wider discussion imo.
Mike
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim