A New Internet-Draft is available from the on-line Internet-Drafts
directories. This Internet-Draft is a work item of the Domain Keys Identified
Mail (DKIM) WG of the IETF.
Title : DKIM Replay Problem Statement
Authors : Weihaw Chuang
Dave Crocker
Allen Robinson
Bron Gondwana
Filename : draft-ietf-dkim-replay-problem-00.txt
Pages : 13
Date : 2023-07-28
Abstract:
DomainKeys Identified Mail (DKIM, RFC6376) permits claiming some
responsibility for a message by cryptographically associating a
domain name with the message. For data covered by the cryptographic
signature, this also enables detecting changes made during transit.
DKIM survives basic email relaying. In a Replay Attack, a recipient
of a DKIM-signed message re-posts the message to other
recipients,while retaining the original, validating signature, and
thereby leveraging the reputation of the original signer. This
document discusses the resulting damage to email delivery,
interoperability, and associated mail flows. A significant challenge
to mitigating this problem is that it is difficult for receivers to
differentiate between legitimate forwarding flows and a DKIM Replay
Attack.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-dkim-replay-problem/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-dkim-replay-problem-00.html
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
