On Sat, Aug 29, 2020 at 3:43 PM Douglas E. Foster <fosterd= 40bayviewphysicians....@dmarc.ietf.org> wrote:
> To elaborate on my question and Michael Hammer's answer: > > To be unique, a signature needs a unique dataset from which the hash is > computed. The weak signature will not be unique because it will be > computed on non-random content such as From, To, and Date. > There are additional ways of introducing complexity and randomness. > > However, the signature can only be used by the designated domain. So the > worst possible "misuse" would be for the designated domain to use the > signature on other messages. This seems unlikely, and the worst-case use > is no different than what ATSP would authorize. But the weak signature > has less information leakage, since nothing is published in DNS about the > signature technique. So I agree that the approach is a good one for those > who want to provide mailing-list authorization. > > The remaining challenge is to communicate between recipient domains and > mailing lists so that the list knows whether the recipient will honor the > weak signature system. > > Doug Foster > > > > > ------------------------------ > *From*: Jim Fenton <fen...@bluepopcorn.net> > *Sent*: 8/26/20 5:01 PM > *To*: Dotzero <dotz...@gmail.com> > *Cc*: IETF DMARC WG <dmarc@ietf.org> > *Subject*: Re: [dmarc-ietf] third party authorization, not, was > non-mailing list > On 8/26/20 10:54 AM, Dotzero wrote: > > > > On Wed, Aug 26, 2020 at 1:32 PM Doug Foster <fosterd= > 40bayviewphysicians....@dmarc.ietf.org> wrote: > >> Are the weak signatures vulnerable to a replay attack? I thought that >> one of the reasons that DKIM signatures included the whole body was to >> prevent the signature from being reused. >> >> >> >> DF >> > > Not particularly vulnerable. The requirement is that you have the "weak > signature" plus the intermediary full DKIM signature. This let's the > validator/receiver know that the originating domain knew that the > intermediary might break the originating domains DKIM signature but the > validator/receiver would have the DKIM signature of the intermediary. The > "weak signature" is only validated against that specific message and > headers it signed and that specific intermediary. It's not a > generic/general signature. > > > It sounds like the weak signature is just a regular DKIM signature plus > the designation of the intermediary, and the "weak" part is that you don't > check the body hash against the body. Have I got that right? > > -Jim > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
