On Thu, Sep 7, 2023 at 10:17 AM Murray S. Kucherawy <superu...@gmail.com> wrote:
> On Thu, Sep 7, 2023 at 10:03 AM Dave Crocker <d...@dcrocker.net> wrote:
>
>> Keys cannot be rotated fast enough to be useful within the time frame
>> that attackers work in.
>>
>> Key rotation works in a timeframe of days or weeks. Attackers work in
>> the timeframe of minutes.
>>
>
> I think we disqualified use of "x=" as a mitigation on the same basis.
>

To be clear, for us x= was one of the most effective defenses against large-scale replay attacks. Not perfect, obviously, but applied carefully and in conjunction with header oversigning, it created a significantly narrower window for attacks, and reduced the potential financial return to attackers from replay spam.

I would note that the effectiveness of x= for reducing replay risk will likely vary considerably from signer to signer, depending on a number of factors; we may be better positioned than many signers in that respect.
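An added example, not from this thread or any of its authors, showing the two verifier-side checks the reply relies on: the x= expiration window (with a small clock-skew allowance) and detection of oversigned headers in h=. The DKIM-Signature value, the header list, the example.com domain and the bh=/b= placeholder values are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample DKIM-Signature value (RFC 6376 tag=value list).
# bh= and b= are placeholders, not a real hash or signature.
SAMPLE_SIG = (
    "v=1; a=rsa-sha256; d=example.com; s=sel1; c=relaxed/relaxed;\r\n"
    "\th=from:to:to:subject:date:date; t=1694101020; x=1694104620;\r\n"
    "\tbh=PLACEHOLDERHASH=; b=PLACEHOLDERSIG="
)
# Constructed list of header fields actually present in the message.
SAMPLE_HEADERS = ["From", "To", "Subject", "Date"]


def parse_tags(value: str) -> dict:
    """Unfold the header and split the tag list into a {tag: value} dict."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue
        name, val = part.split("=", 1)
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def check_expiration(tags: dict, now: int, skew: int = 300) -> tuple:
    """x= bounds how long a captured signature stays replayable.

    Returns (ok, reason). A missing x= means the signature never expires;
    t= later than x= is malformed; `skew` tolerates verifier clock drift.
    """
    if "x" not in tags:
        return False, "no x= tag: signature never expires"
    x = int(tags["x"])
    t = int(tags.get("t", "0"))
    if t > x:
        return False, "t= later than x="
    if now > x + skew:
        return False, "signature expired"
    return True, "valid"


def oversigned_headers(tags: dict, present: list) -> list:
    """Names listed in h= more times than they occur in the message.

    An extra listing covers a header that is absent, so adding that header
    later (e.g. a second To: or Date:) invalidates the signature.
    """
    listed = Counter(n.lower() for n in tags.get("h", "").split(":") if n)
    have = Counter(n.lower() for n in present)
    return sorted(n for n, c in listed.items() if c > have[n])
```

With the sample above, the signature is accepted shortly after t= but rejected once the verifier's clock passes x= plus the skew allowance, and `to` and `date` are reported as oversigned.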
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim