In message <[email protected]>, Dave Crocker <[email protected]> writes

>On 4/21/2025 11:51 PM, Richard Clayton wrote:
>> I think you may have overlooked some aspects of what is needed to make a
>> difference to the current situation.
>>
>> Your design records and signs the RCPT TO of the original email and
>> insists that there is only one recipient per email -- so far so good.

I agree with John Levine that you cannot determine that other systems
checked this ... so that "so far" is not in fact very far at all.

>> However, you do not capture whether an intermediate system has
>> intentionally replayed the message (and what their identity might be).
>
>Richard, excluding things that are out of scope is not 'missing' them.
>
>My spec seeks only to deal with detecting Replay. It does that.

If you do not add other features to it then your proposal is of no
practical use .. there are many flows where "replay" occurs, where
everyone wishes to deliver the resulting email. However, there are
situations where the replay is malicious (and usually at considerable
scale) and delivery of the email is not a sensible outcome.

I outlined in my previous email what other features could be part of a
protocol beyond merely recording the existence of replay -- and how
systems could use those features. Mere identification of "replay" is
just not sufficient to address any of today's abuse issues.

--
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
