Chair speaking and agreeing. While I do not think it's out of scope to think about how DKIM replay attacks affect DMARC, I think it is out of scope to design DMARC to address DKIM replay attacks. These two things are very close to each other, and we're going to have to be careful about it. But if we find ourselves saying that we have to do (x) in DMARC because DKIM replay attacks are a problem, and would not need to do it otherwise, we're almost certainly on the wrong side of that boundary.
Barry On Thu, Jun 29, 2023 at 2:38 PM John Levine <jo...@taugh.com> wrote: > > It appears that Emanuel Schorsch <emschor...@google.com> said: > >> We are talking about SPF AND DKIM because of the problems with DKIM > >> replay. ... > > I hope we agree that applying bandaids to sort of fix DKIM replay is > out of scope for the DMARC WG. > > If you want to work on replay, they're down the virtual hall. > > https://datatracker.ietf.org/wg/dkim/about/ > > R's, > John > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc