I have only one real reservation. In section 6.3, discussing the message
replay attack, ...
esp. in 2nd paragraph... It is presented as if DKIM
cannot be applied against replay since replay is indistinguishable from
acceptable acts, e.g. forwarding. This is not necessarily true. A
legitimate application of DKIM may require senders to indicate a specific
recipient; this would allow replay prevention, of course at the price of
requiring additional support to deal with legitimate forwarding. I'm not
suggesting DKIM should be modified to support that; indeed this is not
required at the DKIM level at all, but I think the text now seems to exclude
this usage, and this should be fixed imho.
DKIM doesn't do path authentication by design. It's not a bug.
It would be fine to mention that, but it would be a grave mistake to
jump into the forwarding swamp from which no path authentication
scheme has ever emerged.
R's,
John
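Added illustration (not from the thread or from the DKIM specification) of the two positions above: a DKIM signature covers selected headers only, so a replayed message verifies exactly like the original for any envelope recipient, and binding the recipient as the reviewer proposes catches the replay but also rejects legitimate forwarding. An HMAC secret stands in for the real DKIM key pair, and all header and address values are constructed.

```python
import hmac
import hashlib

# Constructed stand-in for the signer's DKIM key (assumption: HMAC instead of
# RSA/Ed25519 so the example runs offline; the verification logic is the same).
SIGNING_KEY = b"constructed-example-key"


def canonicalize(headers, names):
    """Relaxed-style canonicalization: lowercase names, collapse whitespace."""
    lines = []
    for name in names:
        value = headers.get(name, "")
        lines.append(name.lower() + ":" + " ".join(value.split()))
    return "\n".join(lines).encode()


def sign(headers, signed_names):
    """Produce a DKIM-like signature over the listed headers (the h= tag)."""
    tag = hmac.new(SIGNING_KEY, canonicalize(headers, signed_names),
                   hashlib.sha256).hexdigest()
    return {"h": list(signed_names), "b": tag}


def verify(headers, sig):
    """Plain DKIM verification: only the signed headers are examined, so the
    SMTP envelope recipient plays no part and a replay is indistinguishable
    from a forward."""
    expected = hmac.new(SIGNING_KEY, canonicalize(headers, sig["h"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig["b"])


def verify_recipient_bound(headers, sig, envelope_rcpt):
    """Reviewer's proposal: the signer must cover the intended recipient and
    the verifier compares it with the envelope recipient actually used."""
    if not verify(headers, sig) or "To" not in sig["h"]:
        return False
    return headers["To"].strip().lower() == envelope_rcpt.strip().lower()


# Constructed message signed by the origin, then resubmitted unchanged to a
# recipient the signer never chose (replay) or to a forwarding address.
ORIGINAL = {"From": "alice@example.com", "To": "bob@example.org",
            "Subject": "Hello"}
SIG = sign(ORIGINAL, ["From", "To", "Subject"])

if __name__ == "__main__":
    for rcpt in ("bob@example.org", "mallory@example.net", "bob-fwd@example.net"):
        print(rcpt, verify(ORIGINAL, SIG), verify_recipient_bound(ORIGINAL, SIG, rcpt))
```

The last recipient shows John's objection: the same check that rejects the replay also rejects a legitimate forward, which is the "forwarding swamp" the recipient-binding variant would have to handle.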
_______________________________________________
ietf-dkim mailing list
http://dkim.org