On 4/21/2025 11:51 PM, Richard Clayton wrote:
> I think you may have overlooked some aspects of what is needed to make a
> difference to the current situation.
> Your design records and signs the RCPT TO of the original email and
> insists that there is only one recipient per email -- so far so good.
> However, you do not capture whether an intermediate system has
> intentionally replayed the message (and what their identity might be).
Richard, excluding things that are out of scope is not 'missing' them.
My spec seeks only to deal with detecting Replay. It does that.
If a preserved DKIM signature validates, but the recipient address does
not match, the message has been replayed.
If an intermediary, such as an alumni forwarder, wants to retain the
signature but change the RCPT-TO and mark that action in a fashion
that permits later evaluation, that is a separate requirement. (And
what I might have missed is a clear requirements statement for needing
this; so please do point us at it.)
It -- and other functions -- well might be worth pursuing, but
they are separate.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
bluesky: @dcrocker.bsky.social
mast: @[email protected]
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]