> On 9 Mar 2023, at 22:47, Michael Thomas <m...@mtcc.com> wrote:
> 
> 
> On 3/7/23 4:09 AM, Laura Atkins wrote:
>> There is a current problem statement at 
>> https://datatracker.ietf.org/doc/draft-chuang-dkim-replay-problem/. Please 
>> take a moment to read through it and provide feedback. This chair thinks we 
>> should not be providing solutions in the problem statement. We should be 
>> primarily describing what the issue is and why we think the issue is with 
>> the protocol. We will deal with solutions in the actual document.
> 
> What about solutions that have been tried but have drawbacks or are 
> ineffective? It would be nice to know what the current baseline is.

In some respects that depends on what form the final document takes. If we do 
decide that the underlying problem is something that can be addressed with a 
protocol change, then we probably won’t mention mitigation steps that have been 
tried and either have drawbacks or are ineffective. If the outcome is a 
document saying that we looked at the problem and decided that the issue isn’t with 
the protocol, and we recommend no protocol changes, then I can see the work 
product being a discussion of non-protocol solution space. That would include 
different things folks have tried, what works and what doesn’t work. 

> Also: I continue to be concerned about the hand wave-iness of the problem. 
> That is both from the standpoint of M3AAWG which is members only and more 
> importantly from various vendors who for their own reasons have little or no 
> desire to disclose pertinent pieces of information in public. It's rather 
> hard to "fix" a black box when you don't even know what it's doing.

You made your concerns abundantly clear during the re-chartering discussion. 
Given the IETF chose to recharter, the next steps are to craft a problem 
statement that documents and explains a DKIM replay attack in a way that’s 
accessible and understandable.  

Do you have any questions, edits or specific wording related to better 
explaining the problem for either of the drafts that are currently under 
discussion? 

laura 

-- 
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com         

Email Delivery Blog: http://wordtothewise.com/blog      






_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
