Steffen Nurpmeso wrote in
 <20250421222815.fKhku7uH@steffen%sdaoden.eu>:
 |Richard Clayton wrote in
 | <[email protected]>:
 ||In message <[email protected]>, Dave
 ||Crocker <[email protected]> writes
 ||
 ||>I've drafted a specification intended to provide a DKIM-based means of
 ||>controlling DKIM Replay, based on community discussions of what is
 ||>needed.
 ||
 ||I think you may have overlooked some aspects of what is needed to make a
 ||difference to the current situation.
 ||
 ||Your design records and signs the RCPT TO of the original email and
 ||insists that there is only one recipient per email -- so far so good.
 ||
 ||However, you do not capture whether an intermediate system has
 ||intentionally replayed the message (and what their identity might be).
 |
 |Well, it is the first draft, and both ACDC and the other thing came
 |to this over time, right. Add timeout necessity and database
 |reassurance, and it is on par. I would assume Dave Crocker is
 |pretty much aware of that.

And I really, really want to add one thing. The draft(s) you fight for
are really bizarre in that aspect, and I wonder all the time ever since
I first encountered it. Do you all really, really want to say that
detected replay attack email messages should be transported further
along? That is, the very first "edkim aware domain hop" should *of
course* stop further transport of such a message! Otherwise it is you
who is the spammer?!?!?!

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
