Regarding the question of "is this DKIMbis or something bigger?": it's something bigger than just tweaks to DKIM.

The choice of the name "DKIM2" is partially branding, and partially because it re-uses the existing DNS entries for DKIM keys and large parts of the signing infrastructure. So there's plenty of DKIM in the design, but also a lot of other work. There are ideas from ARC, there are ideas from the dkim-replay discussion from a couple of years ago, and there's also a general re-thinking of asynchronous reject (creating bounces without creating a backscatter problem).

In particular, when working on this design I have been thinking a lot about chain of custody on messages, and removing any asymmetric relationships in the mail flow (outbound mail A -> B -> C in DKIM2 means bounces always get sent C -> B -> A rather than directly C -> A).

Direct mail flow is mostly "fine" with existing DKIM and SPF - particularly if both are aligned - though there is the BCC vs replay issue - you can't tell just from the DKIM signature and the bytes of a message whether the signer intended that you be a recipient of the message or not.

This work is built around making indirect mail flow just as good, with a special focus on how to deal with modifications PLUS indirect flow (and yes, we could define "indirect" more clearly in the charter text).

It will have to run in parallel with existing systems for "a while". This could make adoption hard, which is why there's been careful attention paid to addressing a wide range of issues so that the benefits are significant and it will be worthwhile making the effort to upgrade. The benefits scale so that the big sites are likely to support the new scheme very quickly and eventually retire support for existing mechanisms.

Obviously, I believe that the proposed design is compelling enough to gain adoption. I know there are others who believe so as well, which is why they have commented in favour of this re-chartering.

Cheers,

Bron

--
Bron Gondwana, CEO, Fastmail Pty Ltd
br...@fastmailteam.com