There's two reasons for that. One is that replay isn't a problem
and isn't likely to be.
You don't know it.
"Isn't a problem" - John apparently has experience as a high-profile
forgery target that says it *isn't* a problem. Do you have countering
experience to give?
"Isn't likely to be" - that's a judgement call, but, tentatively, I'd
certainly be inclined to believe him. Do you have evidence to the
contrary?
It is exceedingly rare to see a deliberately forged bounce, and it
is hard to see a plausible scenario in which bad guys would want to
forge them
After being a victim of half a dozen joe-jobs, I disagree.
Forged bounce != bounce of forgery.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML
mouse(_at_)rodents(_dot_)montreal(_dot_)qc(_dot_)ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg