On 11/11/2022 7:19 AM, Murray S. Kucherawy wrote:
> I think you've hit on possibly the most interesting part of this: In RFC 6376, we said "You're taking some responsibility for this message... and oh, by the way, it could get replayed, and your claimed responsibility extends to that case as well". I don't know that we underscored the latter very much then or since.
At the time DKIM was first developed, we knew that replay was possible. It was deemed a lesser concern. Back then.
But the "by the way" that you've added was /not/ part of the thinking then and it occurs to me that a) no it was not and is not intended, and b) this might argue for *having MDAs remove DKIM signatures...*
Seriously. DKIM is intended as a transit-time mechanism. When delivery occurs, transit is done. So DKIM has done its job and can (safely?) be removed.
d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@[email protected]
