On 1/3/23 1:55 PM, Wei Chuang wrote:
> So yes this was discussed and started at a M3AAWG BoF (at M3AAWG 56 in
> Oct 2022) that discussed DKIM replay. As by that point there were
> several drafts with proposed solutions, the suggestion from feedback
> at the BoF was to send this work to IETF Dispatch. This work was
> presented at IETF 115 (Nov 2022) and the Dispatch slides
> <https://datatracker.ietf.org/meeting/115/materials/slides-115-dispatch-dkim-replay-problem-and-possible-solutions-01>
> are largely derived from the BoF slides, i.e. summarized to fit in
> the Dispatch time limit. The set of drafts mentioned at the BoF and
> Dispatch are cited in the proposed DKIM WG charter
> <https://datatracker.ietf.org/doc/charter-ietf-dkim/04-03/>.

Thanks for the slides. So it seems that two or three of the drafts are
proposing to do something with the envelope, one is the signature
stripping thing, one is counting which is in BCP territory and I didn't
understand the last one. The envelope stuff seems pretty scary to me,
and the stripping is easy to work around.

One thing that occurs to me is that the reputation of the 822.To domain
could be interesting for this problem. That is, if they are sending it
from somebody with good reputation to a mailbox on a domain with
bad/little reputation, that might be a signal that it's suspicious. From
what you're saying, mailing lists, etc., accrue reputation? So they would
be less suspect after a while. Clearly in BCP land, but unless it's
actually been tried there's no Best to write about. I haven't really
thought this through, just wanted to throw this out there.

Mike
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim