To elaborate on my question and Michael Hammer's answer: To be unique, a signature needs a unique dataset from which the hash is computed. The weak signature will not be unique because it will be computed on non-random content such as From, To, and Date.
However, the signature can only be used by the designated domain. So the worst possible "misuse" would be for the designated domain to use the signature on other messages. This seems unlikely, and the worst-case use is no different than what ATSP would authorize. But the weak signature has less information leakage, since nothing is published in DNS about the signature technique. So I agree that the approach is a good one for those who want to provide mailing-list authorization. The remaining challenge is to communicate between recipient domains and mailing lists so that the list knows whether the recipient will honor the weak signature system. Doug Foster ---------------------------------------- From: Jim Fenton <fen...@bluepopcorn.net> Sent: 8/26/20 5:01 PM To: Dotzero <dotz...@gmail.com> Cc: IETF DMARC WG <dmarc@ietf.org> Subject: Re: [dmarc-ietf] third party authorization, not, was non-mailing list On 8/26/20 10:54 AM, Dotzero wrote: On Wed, Aug 26, 2020 at 1:32 PM Doug Foster <fosterd=40bayviewphysicians....@dmarc.ietf.org> wrote: Are the weak signatures vulnerable to a replay attack? I thought that one of the reasons that DKIM signatures included the whole body was to prevent the signature from being reused. DF Not particularly vulnerable. The requirement is that you have the "weak signature" plus the intermediary full DKIM signature. This let's the validator/receiver know that the originating domain knew that the intermediary might break the originating domains DKIM signature but the validator/receiver would have the DKIM signature of the intermediary. The "weak signature" is only validated against that specific message and headers it signed and that specific intermediary. It's not a generic/general signature. It sounds like the weak signature is just a regular DKIM signature plus the designation of the intermediary, and the "weak" part is that you don't check the body hash against the body. Have I got that right? -Jim
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
