On 20 Nov 2022, at 11:08, Dave Crocker wrote:
> On 11/11/2022 7:19 AM, Murray S. Kucherawy wrote:
>> I think you've hit on possibly the most interesting part of this: In RFC
>> 6376, we said "You're taking some responsibility for this message... and oh,
>> by the way, it could get replayed, and your claimed responsibility extends
>> to that case as well". I don't know that we underscored the latter very
>> much then or since.
>
> At the time DKIM was first developed, we knew that replay was possible. It
> was deemed a lesser concern. Back then.

Yep. My recollection was

- the (signed) Date: header would get further in the past the longer a replay is used, which would/could be a sign of misbehavior
- the message body would still be immutable, and thus subject to bulkiness detection (for instance tracking the signature's occurrences)
- the signing domain still would have responsibility for the message, which we assumed/guessed/predicted would be useful in reputation systems.

miles
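Added example, not part of the original message or of any DKIM implementation: a receiver-side sketch of the three signals listed above (age of the signed Date: header, repeated occurrences of one signature, attribution to the signing domain). The thresholds, function names and sample messages are assumptions constructed for illustration, and signatures are assumed to have been verified upstream.

```python
import email
import re
from collections import Counter
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MAX_AGE = timedelta(days=2)   # assumed threshold for a "stale" signed Date
MAX_COPIES = 3                # assumed threshold for identical signatures

def sig_tags(msg):
    """Return the tag=value pairs of the first DKIM-Signature header."""
    raw = re.sub(r"\s+", "", msg.get("DKIM-Signature", ""))  # unfold, drop FWS
    return dict(p.split("=", 1) for p in raw.split(";") if "=" in p)

def replay_signals(raw_messages, now):
    """Return (index, signing domain, reasons) for messages that look replayed."""
    seen = Counter()
    findings = []
    for i, raw in enumerate(raw_messages):
        msg = email.message_from_string(raw)
        tags = sig_tags(msg)
        if "b" not in tags:
            continue  # unsigned: no domain has taken responsibility
        key = (tags.get("d", ""), tags["b"])
        seen[key] += 1
        reasons = []
        signed = tags.get("h", "").lower().split(":")
        if "date" in signed and msg["Date"]:  # only trust Date if it is signed
            sent = parsedate_to_datetime(msg["Date"])
            if sent.tzinfo is None:           # "-0000" parses as naive
                sent = sent.replace(tzinfo=timezone.utc)
            if now - sent > MAX_AGE:
                reasons.append("stale-signed-date")
        if seen[key] > MAX_COPIES:
            reasons.append("signature-seen-%d-times" % seen[key])
        if reasons:
            findings.append((i, key[0], reasons))
    return findings

def sample(date, b):
    """Build a constructed message; the b= value is a dummy, not a real signature."""
    return ("DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\n"
            " h=from:to:date:subject; bh=AAAA; b=%s\n"
            "From: a@example.com\nTo: b@example.net\n"
            "Date: %s\nSubject: hi\n\nbody\n" % (b, date))

NOW = datetime(2022, 11, 20, 11, 8, tzinfo=timezone.utc)
SAMPLES = ([sample("Sun, 20 Nov 2022 10:00:00 +0000", "SIG1")]
           + [sample("Fri, 11 Nov 2022 07:19:00 +0000", "SIG2")] * 5)
```

Calling `replay_signals(SAMPLES, NOW)` flags the five copies of the nine-day-old message and leaves the fresh one alone; each finding carries the `d=` domain so it can feed a per-domain reputation score.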
