On Thu, Sep 7, 2023 at 10:03 AM Dave Crocker <d...@dcrocker.net> wrote:

>
> The "new header field" (or similar) approach alone would not open any
> doors for revocation/invalidation of the fact that the signature was
> applied on that first single message. Relying solely on fast key
> rotation/invalidation would mean TTLs would need to be very low to have any
> effect.
>
> Keys cannot be rotated fast enough to be useful within the time frame that
> attackers work in.
>
> Key rotation works in a timeframe of days or weeks.  Attackers work in the
> timeframe of minutes.
>

I think we disqualified use of "x=" as a mitigation on the same basis.

-MSK, participating
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
