On 29 Jan 2025, at 19:30, Michael Thomas wrote:
> On 1/29/25 6:20 PM, Murray S. Kucherawy wrote:
>> My own motivation is the former, not the latter. That is, yes I would like
>> to recover the author domain signature if we can come up with a relatively
>> robust way to do that without creating a security hole; no, my motivation
>> has nothing to do with enabling uptake of "p=reject", though that might be a
>> side effect that I think others would find beneficial.
>
> It still creates a security hole. But maybe a more tractable one; we
> shouldn't cop attitude that it doesn't. There are tradeoffs to both
> approaches. Security is a risk/reward thing, after all.

I’m a little unclear on the need to fully describe the “mutation” that might be applied by an intermediary. Even if fully described, you need to have some trust of the intermediary to accept the mutation, because otherwise you don’t know that the mutation doesn’t contain harmful/unwanted content (barring some magic AI thing perhaps).

If you do have trust of the intermediary to only sign messages where they have verified the DKIM signature of the message received by the intermediary, shouldn’t the intermediary’s signature on the modified message be sufficient? I thought this was effectively what ARC is doing, although I have quibbles about how ARC does it.

-Jim

_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org