On 11/27/2022 6:30 PM, Murray S. Kucherawy wrote:
> DomainKeys Identified Mail (DKIM, RFC 6376) defines a mechanism for
> using a digital signature to associate a domain identity with an email
> message in a secure way, and to assure receiving domains that the
> message has not been altered since the signature was created. Receiving systems
Again: DKIM does not assure that the message has not been altered. It
assures only the covered portions of the message.
That's not a small difference in data integrity protection.
> can use this information as part of their message-handling decision.
> This can help reduce spam, phishing, and other unwanted or malicious
> email.
> A DKIM-signed message can be re-posted, to a different set of recipients,
> without disturbing the signature's validity. This can be used to confound
> the engines that identify abusive content. RFC 6376 identified a risk of
> these "replay" attacks, but at the time did not consider this to be a
> problem in need of a solution. Recently, the community has decided that it
> has become enough of a problem to warrant being revisited.
This does not provide any real understanding of how replay is
accomplished. And since it's easy to explain and doesn't take much
text, I'll again encourage including that in the document that defines
the nature of the problem we will be working on, namely the charter.
Really, it's not asking a lot to identify the role of the collaborating
recipient and possibly a bit more. This makes the charter more directly
useful to circulate widely and be understood in substance, without
requiring the reader to either already know the topic or to forage for
other documents.
> The DKIM working group will produce one or more technical specifications
> that describe the abuse and propose replay-resistant mechanisms that are
> compatible with DKIM's broad deployment. The working group may produce
> documents describing relevant experimental trials first.
This draft doesn't include the 'preservation of installed base' cover
text that Barry's had and I forgot to include in mine. I think it's
important.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social
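As an added illustration of the point made above (not code from this thread or from any DKIM implementation): a small Python check of which header fields a DKIM-Signature's h= tag actually covers, plus the digest over only those fields. Two copies of a message that differ only in a field outside h= (here To) produce identical signed header data, while a change to a covered field (Subject) does not. The signature header and messages are constructed; the body-hash and signature-bytes checks of a real verifier are left out.

```python
import hashlib
import re

# Constructed DKIM-Signature whose h= lists only From, Date and Subject;
# bh= and b= are placeholders, not real values.
SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel; "
       "h=from:date:subject; bh=PLACEHOLDER_BODY_HASH=; b=PLACEHOLDER_SIG=")

def parse_tags(sig_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags

def relaxed_header(name, value):
    """RFC 6376 section 3.4.2 relaxed canonicalization of one header field."""
    return name.lower() + ":" + re.sub(r"\s+", " ", value).strip() + "\r\n"

def covered_headers(headers, sig_value):
    """Return (covered, uncovered) header names as sorted lists.
    headers is a list of (name, value) pairs in message order."""
    listed = {n.strip().lower() for n in parse_tags(sig_value).get("h", "").split(":")}
    present = {n.lower() for n, _ in headers}
    return sorted(present & listed), sorted(present - listed)

def covered_header_digest(headers, sig_value):
    """SHA-256 over the relaxed-canonicalized fields named in h=: the header
    data the signature binds.  A real verifier also appends the DKIM-Signature
    field itself (b= emptied) and checks bh= against the body; omitted here."""
    remaining = list(headers)
    canon = ""
    for name in parse_tags(sig_value).get("h", "").split(":"):
        name = name.strip().lower()
        # RFC 6376 section 5.4.2: consume the bottom-most unused instance
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name:
                canon += relaxed_header(*remaining.pop(i))
                break
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

# Constructed messages: B is A re-addressed to a different recipient (To is
# not in h=), C is A with a covered field (Subject) changed.
MSG_A = [("From", "Sender <sender@example.com>"), ("To", "alice@example.org"),
         ("Date", "Sun, 27 Nov 2022 18:30:00 +0000"), ("Subject", "Quarterly report")]
MSG_B = [(n, "list@example.net" if n == "To" else v) for n, v in MSG_A]
MSG_C = [(n, "Changed subject" if n == "Subject" else v) for n, v in MSG_A]
```

A receiving system that wants To or Subject to carry any assurance has to confirm they appear in h= before relying on the signature for them.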
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim