[mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of
Douglas Otis
If replay does become a problem, then what is the response?
Should large domains then issue user-keys to everyone?
There is actually little difference in per-user keys and signing the
sender field.
Per-user keys only make a difference if they are individually
controlled.
The value of this acceptance is reduced when a signature
must also be checked against a third-party clearing house to
decide whether this represents a message being abusively replayed.
Are you arguing that the third-party clearing house protocol is
absolutely essential for DKIM to have any value at all?