On 3/21/25 9:35 AM, Mark Alley wrote:
On 3/21/2025 10:12 AM, Todd Herr wrote:
On Fri, Mar 21, 2025 at 11:05 AM Mark Alley <mark.alley=40tekmarc....@dmarc.ietf.org> wrote:

    If Joe Schmoe, an email administrator, signs corporate mail with
    DKIM2 but has other mail streams that may not support it, or
    legacy systems incapable of using it, would not DMARC still be
    needed to apply/report to/for these other mailstreams in that
    scenario, or to protect from external entities trying to spoof
    the domain?

    I've perused the draft, and unless I'm missing text somewhere, I
    don't see where DKIM2 would fulfill the policy request for
    unauthenticated emails, unless you're saying that DKIM2 usage (or
    lack thereof) would be akin to ADSP-esque behavior in some way?


I think you're describing a world where a Domain Owner authorizes some mail streams using DKIM2 and some mail streams using SPF/DKIM as is done today.  Obviously DMARC has a place in the authentication of those latter streams, layered on top of SPF/DKIM as it is now, but that's not the world I'm thinking of here.

I'm thinking instead of a world where "DKIM2" exists and is effectively the only authentication protocol and its specification says "Receivers SHOULD reject messages that fail DKIM2 validation".

What role could DMARC play in *that* world?

--
Todd Herr
Some Guy in VA LLC
t...@someguyinva.com
703-220-4153
Book Time With Me: https://calendar.app.google/tGDuDzbThBdTp3Wx8

______________________________________

I see what you're getting at now.

So, in this world, every MTA supports DKIM2 and it's the only authentication protocol in use... but:

I think we can dispense with the notion that some supposed DKIM2 displaces DKIM completely. That is never going to happen.

It also presupposes that DKIM2 is a new protocol and not an update to DKIM. That hasn't been decided either, and frankly I've seen no evidence that it would be necessary. In that case its overall relationship with DMARC wouldn't be any different than now. Hence "premature".

Mike

_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
