On Sun, Dec 11, 2022 at 1:55 PM Murray S. Kucherawy <[email protected]> wrote:
> In the transaction where the signature is applied, there's only one > envelope recipient. When I'm executing the attack, I could do one envelope > per recipient if I'm worried about being detected that way. > > If Message-ID isn't covered by the header hash, it can be unique per > envelope. > > There was a suggestion that the "bh=" could be required to be unique per > MX to avoid replays, but that becomes a potentially gigantic hash table, so > now there's a resource problem imposed on the receiver/verifier. Even if > you key it on Message-ID, you have the same resource problem. > Also, a deduplication defense is only effective if the replay campaign touches the same MX more than once. There's still a benefit if I avoid that; there are zillions of distinct MXes out there, and federation is probably not common enough to make a dent. -MSK
_______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
