On Fri, Feb 10, 2023 at 11:47 AM Dave Crocker <d...@dcrocker.net> wrote:
> On 2/10/2023 11:35 AM, Wei Chuang wrote: > > ARC is a tool to help support modern Indirect Mail Flows, and I > > believe belongs in the solution space to be explored. > > Since ARC uses the same technology as DKIM and uses it in pretty much > the same was, my understanding is that it, too, has the potential for > replay. Having a reference to this fact makes sense to me. > > It doesn't need more than a mention, at this point, I believe, which > makes the current quick, reference exactly the right text, IMO. > +1 I realize there are some mixed opinions on ARC, but it's actively used on several of the world's largest email systems - some of the same ones where DKIM replay attacks are focused - so it's worth consideration as part of the solution space. It may not end up being a viable option, but now isn't the time to write it off.
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
