Joining the conversation a little late due to travel…

On 21 Mar 2025, at 21:41, Todd Herr wrote:
> - DKIM2, as currently described, allows and even encourages receivers to
> reject messages that fail DKIM2 validation

I got that sense from the discussion and from something in the motivation draft that I can’t find right now. I think this is dangerous. Unless you’re saying that unsigned messages will also be rejected, you’re describing a situation where a mis-signed message is treated more harshly than an unsigned message. That means that a domain is taking a risk of nondelivery by signing with DKIM2 in case it mis-signs messages or some forwarder does so.

The one other example I can think of where mis-signing is treated more harshly than not signing at all is DNSSEC. I’m not an expert on DNSSEC deployment, but I suspect that the risk associated with mis-signing causing a zone to effectively disappear is a significant disincentive to DNSSEC deployment. I don’t think we want to create a disincentive to signing with DKIM++.

-Jim