On 26 Nov 2022, at 15:20, Barry Leiba wrote:
> We have to decide whether it's worth breaking that use case in order
> to address the replay situation. My opinion is that it's not --
> because, as I say, I rely on that use case extensively. My system
> would have to change *significantly* in ord
(re-send, fixing list address)
On 11/26/2022 3:20 PM, Barry Leiba wrote:
I will say that the use case that is broken by removing the signature
is the "re-send" case, where the MUA or some other post-delivery agent
(perhaps a sieve script) re-introduces the message with a different
RCPT TO but
On 26/11/2022 23:20, Barry Leiba wrote:
I will say that the use case that is broken by removing the signature
is the "re-send" case
There was another use-case already noted: where the MUA verifies the DKIM
for the purpose of display to the user. Example: the "DKIM Verifier"
add-on for Thunderb
I will say that the use case that is broken by removing the signature
is the "re-send" case, where the MUA or some other post-delivery agent
(perhaps a sieve script) re-introduces the message with a different
RCPT TO but the same MAIL FROM and "From:". I don't know how often
this happens nowadays,
On 11/25/2022 2:26 AM, Laura Atkins wrote:
What’s stopping large providers from removing DKIM now if they wanted to?
Nothing at all. That they can choose to, if they wish, is one of the
appealing aspects to this. It permits unilateral adoption.
Or have they actually made the choice to ke
