Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

On Wed, Aug 9, 2023 at 3:14 PM Steffen Nurpmeso wrote: > And couldn't it become standardized that verification results then > must be included in future DKIM signatures? > So then a verifier inserts a RFC 7001 header, and that will be > covered by a further DKIM signature. > Aren't you basically

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

Steffen Nurpmeso wrote in <20230809214100.nzjxy%stef...@sdaoden.eu>: |Steffen Nurpmeso wrote in | <20230809211602.8mpmd%stef...@sdaoden.eu>: ||Steffen Nurpmeso wrote in || <20230809205628.ua41r%stef...@sdaoden.eu>: |||Murray S. Kucherawy wrote in ||| : On Wed, Aug 9, 2023 at 9:07 AM Ste

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

Steffen Nurpmeso wrote in <20230809211602.8mpmd%stef...@sdaoden.eu>: |Steffen Nurpmeso wrote in | <20230809205628.ua41r%stef...@sdaoden.eu>: ||Murray S. Kucherawy wrote in || : |||On Wed, Aug 9, 2023 at 9:07 AM Steffen Nurpmeso \ |||wrote: ... |I mean, of course DKIM could go further and

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

Steffen Nurpmeso wrote in <20230809205628.ua41r%stef...@sdaoden.eu>: |Murray S. Kucherawy wrote in | : ||On Wed, Aug 9, 2023 at 9:07 AM Steffen Nurpmeso \ ||wrote: ... |Ok. Assumed the normal per-message DKIM signature gets a new flag |that signals that an additional per-recipient-domain

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

Murray S. Kucherawy wrote in : |On Wed, Aug 9, 2023 at 9:07 AM Steffen Nurpmeso wrote: ... |There aren't per-user DKIM keys. I mean, there could be, but that's not |how it's designed or maintained. | |So the best you could do is per-recipient-domain signatures, but I don't |think that sol

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

On Wed, Aug 9, 2023 at 9:07 AM Steffen Nurpmeso wrote: > All these problems are long known to (and "solved" by) the OpenPGP > (and S/MIME) communities, no? > In OpenPGP you can either encrypt-to a single or many recipients. > (With at least GnuPG you can also "hide" those recipients: > >‐

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

Murray S. Kucherawy wrote in : |On Wed, Aug 9, 2023 at 2:54 AM Laura Atkins \ |wrote: |> If there are multiple BCCs that implies that whatever is creating \ |> the mail |> must make individual copies of the message with only the BCC recipient in |> that line before it’s signed with DKIM. So

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

> On 9 Aug 2023, at 15:55, Murray S. Kucherawy wrote: > > On Wed, Aug 9, 2023 at 2:54 AM Laura Atkins > wrote: >> If there are multiple BCCs that implies that whatever is creating the mail >> must make individual copies of the message with only the BCC recipien

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

On 8/9/2023 7:55 AM, Murray S. Kucherawy wrote: I have heard, but have not verified, that some MLMs do this one-recipient-per-copy thing already, despite RFC 5321 encouraging the opposite.  If true, I don't know whether this was done to allow per-instance signing or because it allows for better

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

On 09/08/2023 15:55, Murray S. Kucherawy wrote: because it allows for better tracking and association of bounces This. -- Cheers, Jeremy ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

On Wed, Aug 9, 2023 at 2:54 AM Laura Atkins wrote: > If there are multiple BCCs that implies that whatever is creating the mail > must make individual copies of the message with only the BCC recipient in > that line before it’s signed with DKIM. So for a message with 3 BCCs, there > are 4 separat

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

On 9 Aug 2023, at 2:53, Laura Atkins wrote: > If there are multiple BCCs that implies that whatever is creating the mail > must make individual copies of the message with only the BCC recipient in > that line before it’s signed with DKIM. So for a message with 3 BCCs, there > are 4 separate cop

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

On Wed, Aug 9, 2023 at 2:54 AM Laura Atkins wrote: > It seems to me there is a lot of heavy lifting to be done to make sure > that the individual recipient only sees a copy of the message with their > address in the BCC header. > > If there are multiple BCCs that implies that whatever is creating

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

> On 9 Aug 2023, at 04:20, Jesse Thompson wrote: > > On Tue, Aug 8, 2023, at 12:55 AM, Murray S. Kucherawy wrote: >> On Mon, Aug 7, 2023 at 9:23 PM Jesse Thompson > > wrote: >> On Mon, Aug 7, 2023, at 10:54 PM, Murray S. Kucherawy wrote: >>> On Mon, Aug 7, 2023 at 8:00

Re: [Ietf-dkim] draft-ietf-dkim-replay-problem comments

On Tue 08/Aug/2023 16:47:23 + Murray S. Kucherawy wrote: On Tue, Aug 8, 2023 at 9:25 AM Alessandro Vesely wrote: On Tue 08/Aug/2023 14:47:37 + Murray S. Kucherawy wrote: On Tue, Aug 8, 2023 at 7:17 AM Scott Kitterman wrote: That's true of all indirect mail flows. It's not a distingu