Hi,
On 05.05.2025 21:29, Wei Chuang wrote:
One idea is to ask receivers to fully trust the security gateway as
the modifications done are to protect the receiver's users with best
effort by the gateway.
In this case ARC would be the only correct solution.
While DKIMv2 might provide some theoretical possibility of reversing the
transformations, in my humble opinion such absolute requirements of
trust make it too hard to figure out how in theory (if at all) DKIMv2
should be changed to accommodate.
And as such, any gateways should not be directly accounted for in the
standard. In the same exact way as we've learned with TLS(v1.3), not to
accommodate middleboxes unless absolutely necessary to let traffic pass
through.
This "certification process" is akin to adding random security appliance
root certificates to people's trust stores. It should not be done.
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
