On 16 Aug 2023, at 10:57, Jon Callas wrote:

>> On Aug 16, 2023, at 10:25, Alessandro Vesely <[email protected]> wrote:
>>
>> To repeat my questions, then, would limiting (qualified) DKIM signatures to
>> verified accounts diminish replay attacks by any amount? Is this kind of
>> solution acceptable?
>
> There's two reasons that this isn't acceptable. One is that DKIM is
> domain-level signing, not user-level signing, and that's been so since the
> beginning. DKIM is *intentionally* designed with that as an anti-goal. The
> second is the historical use of email, where addresses are not accounts.

Deciding whether to apply a DKIM signature based on the submitting user is not the same thing as user-level signing. Signers can use any criteria they want in deciding whether to sign an outgoing message.

> In that second historic case, it's not acceptable because there are lots of
> cases out there where there are virtual addresses, not really an account, and
> yet from time to time a message has to be sent with a `From` of that address.

I have lots of virtual addresses. When submitting a message to my outgoing MTA, I still authenticate to it as myself. If my outgoing MTA served multiple users, it should check whether the From address corresponded to my account.

In the situation Ale is considering, the decision on whether to sign or not would depend on the submitting user, which is not necessarily the From address on the message.

-Jim
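The distinction drawn in the message above, as an added example that is not part of the original post or of any MTA's code: the From check and the signing decision are two separate tests, both keyed on the authenticated submitter. The account names, the address table, the "verified" set and the choice to reject on a From mismatch are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample data: authenticated submitter -> addresses it may put in
# From, including virtual addresses that are not accounts themselves.
OWNED_ADDRESSES = {
    "jim": {"jim@example.org", "sales@example.org", "noc@example.org"},
    "newuser": {"newuser@example.org"},
}
# Hypothetical policy input: submitters the operator treats as verified.
VERIFIED_SUBMITTERS = {"jim"}


def signing_decision(auth_user, raw_message):
    """Return (accept, sign) for a message submitted by auth_user."""
    msg = message_from_string(raw_message)
    from_addrs = [a.lower() for _, a in getaddresses(msg.get_all("From", []))]
    owned = OWNED_ADDRESSES.get(auth_user, set())
    # Submission check: every From address must correspond to the submitter's
    # account. A missing or unparsable From fails here too (assumed: reject).
    if not from_addrs or any(a not in owned for a in from_addrs):
        return (False, False)
    # Signing check: depends on who submitted, not on which address is in
    # From. The domain-level signature is either applied or withheld.
    return (True, auth_user in VERIFIED_SUBMITTERS)


# Constructed sample messages.
VIRTUAL_FROM = "From: Sales Desk <sales@example.org>\nSubject: quote\n\nhello\n"
OWN_FROM = "From: newuser@example.org\nSubject: hi\n\nhello\n"

if __name__ == "__main__":
    print(signing_decision("jim", VIRTUAL_FROM))      # virtual address, verified submitter
    print(signing_decision("newuser", OWN_FROM))      # own address, unverified submitter
    print(signing_decision("newuser", VIRTUAL_FROM))  # address not owned by submitter
```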
