>I have only one real reservation. In section 6.3, discussing the message
>replay attack, ... esp. in 2nd paragraph... It is presented as if DKIM
>cannot be applied against replay since replay is indistinguishable from
>acceptable acts e.g. forwarding. This is not necessarily true. A
>legitimate application of DKIM may require senders to indicate a specific
>recipient; this would allow replay prevention, of course at the price of
>requiring additional support to deal with legitimate forwarding. I'm not
>suggesting DKIM should be modified to support that, indeed this is not
>required at DKIM level at all, but I think the text now seems to exclude
>this usage, and this should be fixed imho.

DKIM doesn't do path authentication by design. It's not a bug. It would be fine to mention that, but it would be a grave mistake to jump into the forwarding swamp from which no path authentication scheme has ever emerged.

R's,
John
_______________________________________________
ietf-dkim mailing list
http://dkim.org
