> -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of Scott > Kitterman > Sent: Saturday, January 28, 2012 7:15 AM > To: [email protected] > Subject: [marf] rd= Reporting Domain Tag In draft-ietf-marf-dkim-reporting > > My proposal is to drop 3.1. Extension DKIM Signature Tag and change > the address construction in the ra= tag to use the signing domain (d=) > in the signature. In this manner the reports will only go back where > they came from (in a general sense).
The point of the extension tag is to add an active signal that the extra DNS work is supposed to be done to determine the reporting address. Absent that, any Verifier participating in reporting will query the DNS of the signing domain for a reporting address, even for signatures that don't claim to request reporting. I suppose it's not a huge difference though (i.e., if you want to make the attack, just include the "rd=" tag too). -MSK _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
