All The DKIM working group is now active again (thanks Murray!). The chairs wanted to send out a short note to welcome everyone and talk about our next steps.
Our first deadline is next month - to get a consensus problem statement submitted on the IETF data tracker at https://datatracker.ietf.org/group/dkim/ There is a current problem statement at https://datatracker.ietf.org/doc/draft-chuang-dkim-replay-problem/. Please take a moment to read through it and provide feedback. This chair thinks we should not be providing solutions in the problem statement. We should be primarily describing what the issue is and why we think the issue is with the protocol. We will deal with solutions in the actual document. There was also a DKIM replay session at the most recent M3AAWG meeting. As I understand it, they’re working on a BCP in parallel with the IETF. Many folks are active in both groups. Due to M3AAWG privacy requirements, we are constrained in what we can share from the meeting itself. However, if you were here and were on the panel or part of the discussions, feel free to share with us some of your thoughts on the problem, possible solutions and what your organizations have done to address the issue. One of the panel members has shared the following from what he said at the session: * RFC 6376 itself says "x=" is not a viable mechanism to deal with replay. * There may only be a best practices solution, and not a protocol solution. * DKIM has since the beginning kept itself completely separate from the message transport. Several of the proposed solutions (including mine) take leaps of varying sizes into the realm of DKIM knowing something about the transport; the lightweight ones connect the message to the envelope somehow, and the more heavyweight ones mean DKIM filters have to learn about MXes and whatnot. We have to be absolutely certain that we want to break that wall if we go this way, because once we do, there will be no turning back. There was also a DKIM replay session at the most recent M3AAWG meeting. As I understand it, they’re working on a BCP in parallel with the IETF. Many folks are active in both groups. Due to M3AAWG privacy requirements, we are constrained in what we can share from the meeting itself. However, if you were here and were on the panel or part of the discussions, feel free to share with us some of your thoughts on the problem, possible solutions and what your organizations have done to address the issue. We will not meet in Yokohama due to the timing of being rechartered, but we are considering a one hour interim in April if there appears to be points of discussion. laura (as chair) -- The Delivery Experts Laura Atkins Word to the Wise la...@wordtothewise.com Email Delivery Blog: http://wordtothewise.com/blog
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
