On Wed, Jan 29, 2025 at 6:30 PM Michael Thomas <m...@mtcc.com> wrote:
> My own motivation is the former, not the latter. That is, yes I would
> like to recover the author domain signature if we can come up with a
> relatively robust way to do that without creating a security hole; no, my
> motivation has nothing to do with enabling uptake of "p=reject", though
> that might be a side effect that I think others would find beneficial.
>
> It still creates a security hole. But maybe a more tractable one; we
> shouldn't cop attitude that it doesn't. There are tradeoffs to both
> approaches. Security is a risk/reward thing, after all.

Yep, this would need to be discussed in the Security Considerations of the protocol document, for sure.

> I think I recall that the group initiating this effort sees this new thing
> as something that could supplant DMARC, but they're free to correct me if
> I've got that wrong.
>
> Really? Yikes. Really, there is nothing new under the sun. All of this is
> basically SSP as far as DKIM goes.

DMARC is basically super-SSP/ADSP, yes. We haven't stipulated in the charter that there's a policy piece to this, so I may be overstepping here (or the memory I have is of someone else doing so), which is why I invited correction.

-MSK