Michael Thomas wrote in <64e1c5a3-fc36-464c-b91c-98de82a1e...@mtcc.com>: |On 1/27/25 12:41 PM, Emanuel Schorsch wrote: ... |That's not entirely true: mutating intermediaries are more than welcome |to resign the message they modify. That's always been the case. By |resigning it, they are taking responsibility for the changes. That
That surprises me given the attitude "it is believed DKIM signatures are resorted" that this WG has shown to me. Can you point to a DKIM filter which uses the Received: stack to decide upon which DKIM signature to test? Please: are you saying DKIM signatures form a stack? |allows receivers to use the intermediary's reputation as part of the |filtering mechanism. You are not talking DKIM here? |I agree that the intermediary annotating what they did to the message is |a better idea, but it's six of one, half dozen of the other on the |security front. If this gets uptake, I think that would be good thing, |and better than z= and l= which were the only things likely to be |deployed at the time. But trashing l= also trashes any other annotating |scheme's security as well, so tread lightly, IMO. I've always thought |that the risks were overblown, and I think that's the stance that people |should take for any new incarnation of figuring out what changed from |the original sender. The good thing of the DKIM v1 extension ACDC is that for the first time changes can be undone, and former states can be cryptographically verified. Therefore, for the first time, a real reputation database can be build, upon facts. I truly believe that "warping trust around the corner" works only for social(ized) human beings, not for software. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) | |In Fall and Winter, feel "The Dropbear Bard"s pint(er). | |The banded bear |without a care, |Banged on himself for e'er and e'er | |Farewell, dear collar bear _______________________________________________ Ietf-dkim mailing list -- ietf-dkim@ietf.org To unsubscribe send an email to ietf-dkim-le...@ietf.org
