On 2/10/23 11:35 AM, Wei Chuang wrote:


On Fri, Feb 10, 2023 at 11:09 AM Michael Thomas <m...@mtcc.com> wrote:


    On 2/10/23 10:23 AM, Wei Chuang wrote:
    Hi all,
    I've posted an updated version of the
    draft-chuang-dkim-replay-problem-01
    <https://datatracker.ietf.org/doc/draft-chuang-dkim-replay-problem/01/>
    draft.  It cleans up a lot from the -00 rough draft state so
    hopefully it's more clear.  It builds a case that spammers are
    exploiting DKIM through replay, identifies conflicting scenarios,
    and outlines a solution space.


    Again, drop the reference to ARC. It is: 1) Experimental, 2) the
    claim about it is wrong (DKIM can already sign a previous
    auth-res), and 3) this is the DKIM wg and it holds no power to
    make changes in it anyway.

I disagree.  ARC is a tool to help support modern Indirect Mail Flows, and I believe belongs in the solution space to be explored.  The large section in that draft is explicitly to make the point that we need to support those Indirect Mail Flows when we come up with a solution for DKIM Replay.  Please come up with a workable proposal preferably in I-D form to support Indirect Mail Flows and prevent DKIM replay.

I will do no such thing. I've already made it plain here and elsewhere that I don't think there is a solution to the mailing list problem, and trust me there is probably nobody else who has tried more. That's why I wrote this:

https://rip-van-webble.blogspot.com/2020/12/are-mailing-lists-toast.html

And regardless of whether I'm wrong and there is an ultimate solution, ARC most certainly is not that solution. It's not doing anything that DKIM can't already do and the "seal" mechanism is extremely suspect as to what it's actually providing. Thank goodness it was just an experiment.

But as I said, this is the DKIM working group. If DMARC wants to update ARC after this iteration of this wg concludes, they are more than entitled to take that work up.

Mike, would that I had known about ARC before it hit the streets.

_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
