On Thu, Sep 7, 2023 at 3:15 PM Evan Burke <evan.bu...@mailchimp.com> wrote:

> To be clear, for us x= was one of the most effective defenses against
> large-scale replay attacks. Not perfect, obviously, but applied carefully
> and in conjunction with header oversigning, it created a significantly
> narrower window for attacks, and reduced the potential financial return to
> attackers from replay spam.  I would note that the effectiveness of x= for
> reducing replay risk will likely vary considerably from signer to signer,
> depending on a number of factors; we may be better positioned than many
> signers in that respect.
>

So this is interesting, in the sense that:

(1) RFC 7489 warns against using "x=" for this purpose, so if that turns
out to have been the wrong advice and there's evidence to back that up,
then this is an opportunity for us to say so; and

(2) If such a combined (e.g., with oversigning) technique isn't terribly
IPR-encumbered, you're free to put forward a description of what you did as
a mitigation strategy, which this WG was hoping to produce; even if DKIM
itself isn't modified, this could be an Applicability Statement.

-MSK, participating
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
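As an added illustration of the two mechanisms Evan describes (this is example code, not code from the thread, from Mailchimp, or from any DKIM library): a verifier-side check that reads the x= and t= tags of a DKIM-Signature header to report the signed lifetime and whether it has lapsed, and inspects the h= list for header names oversigned beyond their occurrences in the message. The sample message is constructed; its bh= and b= values are placeholders and no cryptographic verification is performed.

```python
import time
from collections import Counter
from email import message_from_string

# Constructed sample message; bh= and b= are placeholders, not real values.
SAMPLE = """DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel; c=relaxed/relaxed;
 t=1694100000; x=1694103600; h=from:to:subject:subject:date:date;
 bh=PLACEHOLDER=; b=PLACEHOLDER=
From: sender@example.com
To: rcpt@example.net
Subject: Hello
Date: Thu, 7 Sep 2023 15:00:00 +0000

body
"""
SAMPLE_MSG = message_from_string(SAMPLE)

def parse_dkim_tags(sig_value):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376 tag-list).
    Folding whitespace inside values is dropped, which is harmless for the tags read here."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def replay_window_seconds(tags):
    """Signed lifetime (x= minus t=) in seconds, or None when either tag is absent."""
    if "x" in tags and "t" in tags:
        return int(tags["x"]) - int(tags["t"])
    return None

def signature_expired(tags, now=None):
    """True when x= is present and the verification time is past it (RFC 6376 sec. 3.5)."""
    if "x" not in tags:
        return False
    now = time.time() if now is None else now
    return now > int(tags["x"])

def oversigned_headers(tags, msg):
    """Header names listed in h= more often than they occur in the message.
    Each surplus entry signs an absent header, so adding one later (e.g. a
    second Subject during a replay) invalidates the signature."""
    listed = Counter(n.lower() for n in tags.get("h", "").split(":") if n)
    present = Counter(k.lower() for k in msg.keys())
    return sorted(n for n, c in listed.items() if c > present[n])

if __name__ == "__main__":
    t = parse_dkim_tags(SAMPLE_MSG["DKIM-Signature"])
    print(replay_window_seconds(t), signature_expired(t), oversigned_headers(t, SAMPLE_MSG))
```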
