On 10/10/2024 8:05 AM, Al Iverson via mailop wrote:
> My answer to the question of why: To make it slightly harder for bad guys to pick up and DKIM replay older messages.
My understanding is that the observed DKIM replay attacks have done the replay very quickly -- maybe instantly -- upon original receipt of the message. Far within any reasonable transit handling time limit.
So while the utility you suggest sounds reasonable, it almost certainly can't have any practical benefit.
And while my memory is pretty crappy, I seem to recall that during one or both DKIM replay attack discussions on the DKIM list, this point was noted.
d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social