A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the Domain Keys Identified Mail (DKIM) WG of the IETF.
Title : DKIM Replay Problem Statement Authors : Weihaw Chuang Dave Crocker Allen Robinson Bron Gondwana Filename : draft-ietf-dkim-replay-problem-00.txt Pages : 13 Date : 2023-07-28 Abstract: DomainKeys Identified Mail (DKIM, RFC6376) permits claiming some responsibility for a message by cryptographically associating a domain name with the message. For data covered by the cryptographic signature, this also enables detecting changes made during transit. DKIM survives basic email relaying. In a Replay Attack, a recipient of a DKIM-signed message re-posts the message to other recipients,while retaining the original, validating signature, and thereby leveraging the reputation of the original signer. This document discusses the resulting damage to email delivery, interoperability, and associated mail flows. A significant challenge to mitigating this problem is that it is difficult for receivers to differentiate between legitimate forwarding flows and a DKIM Replay Attack. The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-dkim-replay-problem/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-dkim-replay-problem-00.html Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts _______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim