On Thu, Sep 7, 2023, at 12:02 PM, Dave Crocker wrote: > On 9/2/2023 7:29 AM, Jesse Thompson wrote: >> On Tue, Aug 29, 2023, at 9:02 PM, Dave Crocker wrote: >>> DKIM, SPF, et al, are all 'collaborative' mechanisms. Originators and >>> receivers opt in to use them. Both sides are necessary. So I'm wondering >>> about looking for something the furthers the collaboration. >> >> The lack of reporting to the originating DKIM signers about Replay and other >> kinds of DKIM failure modes is an example of "limitations at the sending >> side [...] trying to detect". Alex and I are starting to draft a proposal >> for receivers to report to signers using rfc5965 and rfc7489 semantics. > Since a Replay Attack has the act of replaying being done by an attacker, it > would not help to have a reporting mechanism for DKIM, because the attacker > would not use it. > > If you are thinking of reporting by the later receiving platform, how would > this get used? >
Is rfc6651 a lost cause? It looks like it defines a reporting mechanism in control of the signer, as opposed to the attacker. Jesse
_______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
