On Wed, Apr 2, 2025 at 10:16 AM Donald Eastlake <d3e3e3@xxxxxxxxx> wrote:
In my opinion, the Security Considerations section of a protocol RFC
should, to some extent, view the larger picture including
considerations not strictly encompassed by the protocol.
We could also consult the IANA page:
Or the DKIM spec once again:
"DKIM is only intended as a 'sufficient' method of proving
authenticity. It is not intended to provide strong cryptographic
proof about authorship or contents. Other technologies such as
OpenPGP [RFC4880] and S/MIME [RFC5751] address those requirements."
The fact that the different technologies make different tradeoffs doesn't seem too interesting. Otherwise, we would only have one way. At IETF 122, Pete Resnick made the point that there is a tradeoff between security and deliverability, at least for now. You have to do some of those things in the IANA registry for deliverability.
thanks,
Rob
-- last-call mailing list -- last-call@xxxxxxxx