On Thu, Aug 17, 2023, at 12:02 PM, Steffen Nurpmeso wrote:
> More, usually (it happened in the past) they then point to their
> web site, where you then *do*, and isn't the certificate of that
> website, which itself is likely verified by some CA in some CA
> pool that you do not have control over, or do not exert control
> over, also because the interface is user unfriendly, a much bigger
> problem, also security-wise, than the DKIM signature? Especially
> with DNSSEC etc etc?
If I understand correctly, there are some "no auth, no entry" requirements
being suggested by some ISPs, in which they might start requiring DKIM
signatures aligned to any/all domains in headers and body.
I guess it's not enough that the web site has a CA cert, since those are
trivial to obtain. So, now the CA problem shifts to DKIM.
Jesse
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
