> > Hey, wait a minute -- isn't that what lists already do?
>
> The discussion was whether the DKIM signature itself can serve as a
> basis for acceptance.  In other words, can a DKIM signature safely
> accrue a reputation?

If the answer isn't yes, I think we're wasting our time.

> A best practice where all DKIM recipients immediately overlay incoming
> signature with a signature assigned the role of MDA by the MDA that
> would not be accepted by any other MDA would ensure messages available
> for replay could be contained.

Even assuming that one thinks replay is a problem that DKIM needs to
address, which I don't, it's hard to imagine a rule like this being
implemented widely enough to be a problem for bad guys.

R's,
John
_______________________________________________
ietf-dkim mailing list
http://dkim.org

Reply via email to