On 1/19/2024 6:51 AM, Al Iverson wrote:
I'm sort of boggling at the attempt to keep potential header changes and DKIM oversigning out of the exploit definition and potential solution consideration. I just don't think it makes sense to exclude this.
It makes sense because oversigning is sufficient to cover the cases of re-posting that 'merely' add header fields, whereas the scenario of sending to a collaborating receiver and re-posting a message that has no differences except the envelope rcpt-to value, does not have a know solution.
Insisting on using the same term for these two different cases has an academic purity to it, but has already been demonstrated to be destructive in practical terms, because it creates confused discussion.
d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net mast:@[email protected]
_______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
