On 1/18/2024 1:46 PM, Dave Crocker wrote:
The issue is not whether those broader concerns are... concerns. They
are. But the topic of DKIM Replay has to do with a scenario that is
affected by things like oversigning.
sigh. sorry. small, insignificant typo, merely flipping the sign bit...
Dave Crocker wrote in
<82f48c8d-b89c-404f-87ac-4619628dd...@dcrocker.net>:
|On 1/16/2024 3:57 PM, Evan Burke wrote:
...
|> Without oversigning those headers, DKIM would pass,
|
|Yes, oversigning is useful. And it has been useful for a very long
Just to make that clear to myself, who is
On 1/16/2024 3:57 PM, Evan Burke wrote:
DKIM Replay re-sends an /unmodified/ copy of the message, where
only the SMTP RCPT-To is different. DKIM doesn't (and can't)
cover that SMTP command.
I'd call it DKIM replay if the signature is intact.
You are, of course, free to use any
The Domain Keys Identified Mail (dkim) WG in the Applications and Real-Time
Area has concluded. The IESG contact persons are Murray Kucherawy and Francesca
Palombini.
The mailing list will remain open.
___
Ietf-dkim mailing list
Ietf-dkim@ietf.org