On 1/5/25 7:15 PM, Murray S. Kucherawy wrote:
> On Sun, Jan 5, 2025 at 7:11 PM Michael Thomas <m...@mtcc.com> wrote:
>> On 1/5/25 7:07 PM, Murray S. Kucherawy wrote:
>>> On Sat, Dec 28, 2024 at 6:31 PM Bron Gondwana
>>> <brong=40fastmailteam....@dmarc.ietf.org> wrote:
>>>> * The SMTP RCPT TO address might not be present in the
>>>> signed header fields of an email, meaning that the same
>>>> message can be sent to arbitrarily many recipients, and
>>>> those recipients can not tell if the signer intended
>>>> them as recipients.
>>>
>>> Am I poking a hornet's nest here, or is it safe to state that
>>> this is the commonly understood definition of "DKIM replay"?
>>
>> No. See: crashed and burned.
>
> I don't think you're talking about the same thing I am. I'm talking
> about the definition provided in Section 8.6 of RFC 6376. There's at
> least anecdotal evidence that this is a problem these days, and if
> that bullet can be referenced using a common term, I think it should.
> (And let's try to be constructive here.)

I'm saying that I don't think it is well understood how to differentiate
the benign from the non-benign. That is very relevant. Potter Stewart's
"I know it when I see it" is not a very good test for internet
standards. Heuristics are generally a bad idea for standards.
Mike
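
As an added illustration of the quoted bullet (not code from this thread or from any DKIM implementation), the Python below checks whether an SMTP RCPT TO address appears in a To or Cc field that the signature's h= tag covers. It does not verify the signature; the sample message, its placeholder tag values and the function names are constructed for the example.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample; bh= and b= are placeholders, not a real signature.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\n"
    " h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: sender@example.com\n"
    "To: alice@example.net\n"
    "Subject: hello\n"
    "Date: Sun, 5 Jan 2025 19:00:00 -0800\n"
    "\n"
    "body\n"
)

def signed_header_names(dkim_value):
    """Return the lower-cased header field names listed in the h= tag."""
    tags = {}
    for part in dkim_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Remove folding whitespace inside the tag value.
            tags[name.strip()] = "".join(value.split())
    return {h.lower() for h in tags.get("h", "").split(":") if h}

def recipient_is_signed(raw_message, rcpt_to):
    """True only if rcpt_to is in a To/Cc field that h= covers."""
    msg = message_from_string(raw_message)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return False
    signed = signed_header_names(sig)
    covered = []
    for field in ("to", "cc"):
        if field in signed:
            covered.extend(msg.get_all(field, []))
    addrs = {addr.lower() for _, addr in getaddresses(covered) if addr}
    return rcpt_to.lower() in addrs

if __name__ == "__main__":
    # Same signed message, two different envelope recipients.
    for rcpt in ("alice@example.net", "bob@example.org"):
        print(rcpt, recipient_is_signed(SAMPLE, rcpt))
```

A False result is also what a Bcc or mailing-list delivery produces, so this check on its own does not separate benign from non-benign deliveries.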