On Thu, Oct 26, 2023 at 12:03 PM Wei Chuang <weihaw= 40google....@dmarc.ietf.org> wrote:
> I was there at M3AAWG and concur with the chair's observations. I should > also note I was part of the group who proposed restarting the DKIM WG at > Dispatch IETF-115. My hope back then was that solving DKIM replay > systematically could be a starting point for resolving more general email > authentication problems that to me seems to be the root cause of the > unresolved conflict in the DMARCbis WG. As such I'm saddened if this group > concludes with just documenting a set of best practices to mitigate DKIM > replay, as I don't feel this systematically resolves the authentication > issues such as DKIM replay that I see today. Just before M3AAWG, I saw > spammers had a campaign that used a combination of DKIM replay plus SPF > upgrade. Going forward I suspect the spammers will keep using creative > combinations of attacks driven by the Darwinian evolution afforded by the > whack-a-mole approach we're stuck with. > I don't get the impression that the community as a whole currently has the energy to tackle even smaller problems, much less things of the size you're proposing here. Some of that might be the fact that these days we are generally hacking on problems for which convergence turns out to be extremely difficult, and we're all tired. But DKIM and DMARC are not the only places where this is true; my impression is also that EMAILCORE is largely dormant lately. The place where any momentum seems to exist is over in JMAP and EXTRA, but they're not working on authentication at all. Still, I would be happy to be proven wrong, and maybe you can collect or develop momentum for a broader effort. There's no harm in trying. I would argue though that the bar is a little higher for such a thing because we've seen time and again a pattern of a lot of energy to charter and then no energy to actually do work. My fear is that this will lead to large operators calling the shots rather than the community, which often doesn't lead to the best outcomes. So if I can do anything to help develop and sustain such a community, I'm interested. -MSK, wearer of hats
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
