I like this approach: if the issue is that an "expired" signature is
treated as unsigned, I think we have an unacceptable level of false
positives.  But if the fact that a signature is valid but expired is
simply another factor in the decision, I think we might be OK, keeping
in mind that "x=" is purely advice to the validator.  To *really*
expire a signature, one has to stop publishing the key associated with
the selector.

Barry

On Thu, Feb 16, 2023 at 4:38 PM Scott Kitterman <ietf-d...@kitterman.com> wrote:
>
>
>
> On February 16, 2023 9:21:51 PM UTC, Michael Thomas <m...@mtcc.com> wrote:
> >
> >On 2/16/23 12:56 PM, Barry Leiba wrote:
> >>>> Okay.  What's the value for X - T that prevents this problem, but 
> >>>> doesn't cause DKIM signatures of "normal" mail to fail?
> >>> There's not one "right" value; we're talking about distributions
> >>> of timings for normal mail vs. replay, and yes, there's some
> >>> overlap there. In practice I've seen many signers choose
> >>> expirations in the range of 1hr to a few days.  1hr can be very
> >>> good at limiting the opportunity for high volume replay, but I
> >>> estimate "normal" signature breakage at that level is on the
> >>> order of 0.1%. 24hr is probably effectively zero breakage, but
> >>> with greater opportunity for replay.
> >> I think you're way off on these numbers, especially for the 1-hour
> >> case.  While normal circumstances get mail delivery in less than an
> >> hour, I have seen *many* cases of legitimate mail delayed by hours --
> >> sometimes quite a few hours.  I would consider anything less than two
> >> days to be unacceptable, and with that sort of gap you don't do much
> >> to prevent a spam blast.
> >
> >I dunno, I would think it has to do with how much of a boost reputation is 
> >actually giving deliverability. For typical marketing email that's not too 
> >spammy maybe it doesn't make much difference? Adding signatures and a SPF 
> >record is pretty easy to do these days, so it's sort of a no-brainer to just 
> >do it. But if some small percentage with slow delivery fall through the 
> >cracks, how adverse is that to delivery, assuming they don't have a p=reject 
> >policy? That seems like it should be a pretty measurable thing for an ESP.
> >
> >Sounds like something that Evan might know. Actually it might well be worth 
> >adding that kind of estimate to the problem statement to judge how much of a 
> >problem it is. What we have now is very hand waving and makes it impossible 
> >to judge about how heroic we need to be.
>
> I think this highlights a key consideration that's easy to forget.  
> Ultimately the issue is not that a 'bad' message was delivered, but that a 
> 'bad' message got the benefit of whatever positive reputation was provided by 
> the signature.  If one decides under X circumstances we will ignore a DKIM 
> signature for Y purposes, then the negative impact of that is far less than 
> that associated with rejecting the message, so we can probably tolerate more 
> false positives.
>
> Scott K
>
> _______________________________________________
> Ietf-dkim mailing list
> Ietf-dkim@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-dkim

_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim

Reply via email to