Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts

2016-11-28 Thread Murray S. Kucherawy
Yes, later in the thread we all agreed that "don't do this" is far better than any protocol solution. On Mon, Nov 28, 2016, 11:30 Jim Fenton wrote: > Waking up to this thread a little late... > > > On 11/14/16 7:38 AM, Michael Thomas wrote: > > On 11/13/2016 09:38 PM,

Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts

2016-11-28 Thread Jim Fenton
Waking up to this thread a little late... On 11/14/16 7:38 AM, Michael Thomas wrote: > On 11/13/2016 09:38 PM, Murray S. Kucherawy wrote: >> On Sun, Nov 13, 2016 at 9:39 PM, Mark Delany > > wrote: >> >> Hi Murray. >> >> >> Mark! >> >>

Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts

2016-11-14 Thread Martijn Grooten
On Mon, Nov 14, 2016 at 02:48:01PM +0900, Murray S. Kucherawy wrote: > On Mon, Nov 14, 2016 at 5:30 AM, Martijn Grooten > wrote: > > It isn't very clear to me how this proposal deals with receipients at > different domains, including but not limited to blind

Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts

2016-11-13 Thread Murray S. Kucherawy
On Sun, Nov 13, 2016 at 9:39 PM, Mark Delany wrote: > Hi Murray. > Mark! > RFC6376 and even RFC4871, but now it's apparently happening > > I'd be interested to hear about the actual scenarios. Are the targeted > users somehow given an indication that the email verifies

Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts

2016-11-13 Thread Martijn Grooten
On Sun, Nov 13, 2016 at 03:50:05PM +0900, Murray S. Kucherawy wrote: > https://datatracker.ietf.org/doc/draft-kucherawy-dkim-rcpts/ > > Comments welcome. Thanks for this. It isn't very clear to me how this proposal deals with receipients at different domains, including but not limited to blind

Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts

2016-11-13 Thread Mark Delany
Hi Murray. > RFC6376 and even RFC4871, but now it's apparently happening I'd be interested to hear about the actual scenarios. Are the targeted users somehow given an indication that the email verifies and it's from a credible domain and yet it contains a malevolent payload? This sounds like

[ietf-dkim] draft-kucherawy-dmarc-rcpts

2016-11-12 Thread Murray S. Kucherawy
I've posted a draft that attempts to address an attack that's begun to appear with DKIM. Interestingly, we called it out as a possible attack in RFC6376 and even RFC4871, but now it's apparently happening and being annoying enough that people (I believe from the MAAWG community) are asking if