On Wed, Aug 26, 2020 at 1:32 PM Doug Foster <fosterd= 40bayviewphysicians....@dmarc.ietf.org> wrote:
> Are the weak signatures vulnerable to a replay attack? I thought that
> one of the reasons that DKIM signatures included the whole body was to
> prevent the signature from being reused.
>
> DF

Not particularly vulnerable. The requirement is that you have the "weak signature" plus the intermediary full DKIM signature. This lets the validator/receiver know that the originating domain knew that the intermediary might break the originating domain's DKIM signature but the validator/receiver would have the DKIM signature of the intermediary. The "weak signature" is only validated against that specific message and headers it signed and that specific intermediary. It's not a generic/general signature.

Michael Hammer
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc