[ietf-dkim] draft-ietf-dkim-threats-02 nit//Message replay impact rating

Douglas Otis dotis at mail-abuse.org
Thu Apr 6 12:03:01 PDT 2006


4.1.  Attacks Against Message Signatures

...
    | Chosen message replay                       |   Low  |    M/H     |
    | Signed message replay                       |   Low  |    High    |

It is not clear how these two message replay exploits remain a low  
impact.  Obviously, just as with a compromised key, messages from a  
bad actor accrue to the exploited domain.  Neither a highly repeated  
signature nor From email-address are useful mechanisms for detecting  
these types of exploits.  Valid messages sent from various types of  
lists will exhibit the same characteristics as a message replay.  Key  
revocation, reputation, or accreditation will also be too slow to  
respond to these exploits.  If there is another explanation, then it  
should be added in the respective sections.


Change to:
    | Chosen message replay                       |   Low* |    M/H     |
    | Signed message replay                       |   Low* |    High    |

* The low impact assessment assumes the signing domain's accrual is  
not classified as a basis for acceptance.

-Doug
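
The argument above, as an added worked example that is not part of Doug's post or of the draft: a DKIM-style signature covers a body hash plus a fixed list of header fields and nothing else, so a replayed copy verifies exactly like the original, and a "this signature keeps arriving" heuristic fires identically for a replay and for a mailing list relaying one legitimate post. The signature is an HMAC over a constructed secret standing in for the signing domain's RSA key (an assumption made to keep the script offline; the data it covers mirrors DKIM's bh= and h= structure), and all addresses, envelopes and message text are constructed.

```python
"""Signed / chosen message replay against a DKIM-style signature.

Added example, not code from the original post.  The HMAC secret is a
constructed stand-in for the signer's private key (assumption); the
signed data mirrors DKIM: covered header fields plus a body hash.  The
SMTP envelope is deliberately NOT an input to verify().
"""
import hashlib
import hmac
from collections import Counter

# Constructed stand-in for example.com's private key (assumption).
SIGNING_KEYS = {"example.com": b"constructed-example.com-selector-key"}

# Header fields the signature covers (the h= list in a DKIM-Signature).
SIGNED_HEADERS = ("from", "to", "subject", "date")


def _signed_input(headers, body):
    """Data the signature covers: the covered header fields in fixed
    order (lower-cased, stripped), then the body hash (DKIM's bh=)."""
    body_hash = hashlib.sha256(body.encode()).hexdigest()
    lines = [f"{name}:{headers.get(name, '').strip()}" for name in SIGNED_HEADERS]
    return ("\r\n".join(lines) + "\r\nbh=" + body_hash).encode()


def sign(headers, body, domain):
    """Outbound MTA of the signing domain: it signs whatever its users submit."""
    tag = hmac.new(SIGNING_KEYS[domain], _signed_input(headers, body),
                   hashlib.sha256).hexdigest()
    return f"d={domain}; h={':'.join(SIGNED_HEADERS)}; b={tag}"


def verify(headers, body, signature):
    """Receiver-side check.  Only headers, body and signature are inputs;
    who relayed the message, and to whom, is invisible here."""
    tags = dict(t.strip().split("=", 1) for t in signature.split(";") if t.strip())
    key = SIGNING_KEYS.get(tags.get("d"))
    if key is None:
        return False
    expected = hmac.new(key, _signed_input(headers, body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tags.get("b", ""))


def fanout(message, envelopes):
    """Deliver one signed message under many SMTP envelopes.  The envelope
    (constructed MAIL FROM / RCPT TO) is never consulted by verify().
    Returns (copies that verified, how often each signature value was seen)."""
    verified, seen = 0, Counter()
    for _env in envelopes:
        if verify(message["headers"], message["body"], message["signature"]):
            verified += 1
        seen[message["signature"]] += 1
    return verified, seen


def signature_repeat_detector(seen, threshold):
    """The heuristic the post calls useless: flag any signature value seen
    more than `threshold` times."""
    return {sig for sig, n in seen.items() if n > threshold}


def demo(n=500):
    # Chosen message replay: the attacker holds an account at example.com,
    # submits a message of its choosing, and example.com duly signs it.
    h1 = {"from": "attacker@example.com", "to": "someone@target.example",
          "subject": "Your account", "date": "Thu, 6 Apr 2006 12:03:01 -0700"}
    b1 = "Click here to keep your account active.\r\n"
    chosen = {"headers": h1, "body": b1, "signature": sign(h1, b1, "example.com")}
    replay_envs = [{"mail_from": "bulk@evil.example",
                    "rcpt_to": f"victim{i}@target.example"} for i in range(n)]
    replay_ok, replay_seen = fanout(chosen, replay_envs)

    # Benign look-alike: a list relays one legitimate post to n subscribers.
    h2 = {"from": "alice@example.com", "to": "list@lists.example",
          "subject": "Meeting notes", "date": "Thu, 6 Apr 2006 09:00:00 -0700"}
    b2 = "Notes attached.\r\n"
    post = {"headers": h2, "body": b2, "signature": sign(h2, b2, "example.com")}
    list_envs = [{"mail_from": "list-bounces@lists.example",
                  "rcpt_to": f"member{i}@lists.example"} for i in range(n)]
    list_ok, list_seen = fanout(post, list_envs)

    return {
        "replay_verified": replay_ok,
        "list_verified": list_ok,
        "replay_flagged": len(signature_repeat_detector(replay_seen, 10)),
        "list_flagged": len(signature_repeat_detector(list_seen, 10)),
    }


if __name__ == "__main__":
    print(demo())
```

Every replayed copy verifies because nothing the attacker changed (the envelope, the delivery count) is signed, and the repeat detector flags the legitimate list post with the same count it flags the replay; the only thing that does break verification is editing a covered field or the body, which a replaying attacker has no need to do.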
