Rolf E. Sonneveld writes: > But, if this 'registration' does not apply to the 'mandatory tag draft', > that means that every sender will always add the weak signature + > 'fs=<initial domain>' and a replay attack is reduced to breaking the > weak signature?
Definitely not. Some senders may do that. I suppose many others will simply refuse to adopt the standard until it is clearly successful. Yet others may adopt heuristics to determine which of their users' correspondents are lists. Finally others might require registration of lists by the posters in their domains. Note that the signature is not "weak" (compared to DKIM) in the cryptographic sense. Rather it is weak in the sense that if you can break the crypto, you can pretend to be authorized to add material. However, if you can break the weak signature, you can break DKIM *by definition*, and therefore can pretend to be the author. So there's no need that I can see for more paranoia about the cryptography of "weak" signatures than there is for DKIM in general. The worry is that an authorized resigner might be suborned -- but that's true of TPA as well. I think the advantage of TPA is that it's very easy for the From domain to revoke the authorization and "publish" the revocation (simply by un-publishing the authorization). _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc