On Wednesday, March 22, 2023 8:21:55 PM EDT Dave Crocker wrote:
The scenario is re-posting a message such that the original DKIM
signature remains valid.
Any other sort of re-posting does not qualify, under this definition.
So, for example, anything depending on 're-signing' is not a DKIM Replay
Attack.
Yes?
That's my understanding, however that scenario also describes a normal mailing
list if it doesn't make modifications that break an existing DKIM signature or
any kind of forwarding with similar characteristics.
Indeed. Noting that benign re-postings look the same would be a
requirement for the PS.
(As the current and future drafts do.)
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
