> On 18.05.2024 at 21:02 Dave Crocker via mailop wrote:
>
> On 5/17/2024 7:12 AM, Taavi Eomäe via mailop wrote:
>> Although some of these dangers have been known for a while (some parts are
>> even described in the RFC itself), things like the threat landscape, our
>> approach and the extent to which this can be abused have changed. In our
>> opinion previously suggested and (rarely) implemented mitigations do not
>> reduce these risks sufficiently.
>> We hope that with some cooperation from mail operators improved defense
>> measures can be implemented to strengthen DKIM for everyone.
>
> As I recall, the original intent was to permit successful use of DKIM in
> spite of mailing lists' addition of footer text.
>
> I think the view of damage from DKIM failure and/or abuse was rather more
> benign than suits today's email world.
>
> It wasn't a great feature at the time and now it is worse than that.
>
> Seems like the right approach is to seek community-wide pressure to deprecate
> it. First through operational pressure and then with an update to the spec.

I'm with you on the operational pressure to deprecate the length attribute; however, this requires MTA software that allows you to differentiate between DKIM signatures with and without l. Is there any other than the mentioned mailauth, which doesn't seem to have a direct MTA integration?

Changing the existing DKIM specification is probably a big challenge. Another approach could be to update the WIP BIMI specification with a statement that a DMARC pass must be ignored if it is solely based on valid DKIM signatures with length attributes. The BIMI specification already contains such exceptions, like DMARC quarantine policies that must be ignored if they include a pct value of less than 100, so this wouldn't be completely new ground.

—
BR
Oliver

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
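
One way to tell DKIM signatures with and without `l=` apart on the receiving side, and to apply the "ignore a pass that rests only on `l=` signatures" rule proposed above. This is an added example, not part of the original thread and not code from mailauth or any MTA; the function names, the constructed `SAMPLE` message and the `passed` list (per-signature results assumed to come from a real DKIM verifier) are illustrative assumptions.

```python
import re

# Constructed sample: l=7 covers only "hello\r\n"; the second body line is unsigned.
SAMPLE = (b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
          b"\ts=sel1; h=from:subject; l=7; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
          b"From: a@example.com\r\nSubject: hi\r\n\r\n"
          b"hello\r\nappended footer\r\n")

def parse_tag_list(value):
    """Parse an RFC 6376 tag-list: tag=value pairs separated by ';'."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def canonical_body(body, algo):
    """Body canonicalization, RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    if algo == "relaxed":
        body = re.sub(rb"[ \t]+(?=\r\n|\Z)", b"", body)  # whitespace at line ends
        body = re.sub(rb"[ \t]+", b" ", body)            # collapse whitespace runs
    while body.endswith(b"\r\n"):                        # trailing empty lines
        body = body[:-2]
    return body + b"\r\n" if body or algo == "simple" else b""

def audit_length_tags(raw):
    """One record per DKIM-Signature: d=, l= (None if absent), unsigned body bytes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    unfolded = re.sub(rb"\r\n[ \t]+", b" ", head).decode("ascii", "replace")
    report = []
    for line in unfolded.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() != "dkim-signature":
            continue
        tags = parse_tag_list(value)
        algo = tags.get("c", "simple/simple").partition("/")[2] or "simple"
        length = int(tags["l"]) if "l" in tags else None
        total = len(canonical_body(body, algo))
        unsigned = 0 if length is None else max(total - length, 0)
        report.append({"d": tags.get("d"), "l": length, "unsigned": unsigned})
    return report

def dkim_pass_usable(report, passed):
    """Rule suggested in the thread: a DKIM pass counts only when at least one
    passing signature carries no l= tag. `passed` comes from a real verifier."""
    return any(ok and rec["l"] is None for rec, ok in zip(report, passed))
```

The `unsigned` count is the number of canonicalized body bytes that fall after the signed prefix, which is the part of the message the signature does not vouch for.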