I've posted a draft that attempts to address an attack that's begun to
appear with DKIM. Interestingly, we called it out as a possible attack in
RFC6376 and even RFC4871, but now it's apparently happening and being
annoying enough that people (I believe from the MAAWG community) are asking
if there's a protocol solution that's possible.
https://datatracker.ietf.org/doc/draft-kucherawy-dkim-rcpts/
Comments welcome.
-MSK
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html