Re: [Ietf-dkim] replay clues

2023-02-10 Thread Scott Kitterman
On February 11, 2023 5:23:39 AM UTC, "Murray S. Kucherawy" wrote: >On Fri, Feb 10, 2023 at 8:09 PM Michael Thomas wrote: > >> I've always thought that the likelihood of a protocol level solution for >> this issue is pretty close to zero if not zero. The various proposed >> solutions in the

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Murray S. Kucherawy
On Fri, Feb 10, 2023 at 12:06 PM Evan Burke wrote: > > On Fri, Feb 10, 2023 at 11:47 AM Dave Crocker wrote: > >> On 2/10/2023 11:35 AM, Wei Chuang wrote: >> > ARC is a tool to help support modern Indirect Mail Flows, and I >> > believe belongs in the solution space to be explored. >> >> Since

Re: [Ietf-dkim] replay clues

2023-02-10 Thread Murray S. Kucherawy
On Fri, Feb 10, 2023 at 8:09 PM Michael Thomas wrote: > I've always thought that the likelihood of a protocol level solution for > this issue is pretty close to zero if not zero. The various proposed > solutions in the problem draft haven't given me any reason to dissuade > me of that notion. >

[Ietf-dkim] replay clues

2023-02-10 Thread Michael Thomas
I've always thought that the likelihood of a protocol level solution for this issue is pretty close to zero if not zero. The various proposed solutions in the problem draft haven't given me any reason to dissuade me of that notion. That said, I think that we might be able to catalog some

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Michael Thomas
On 2/10/23 10:23 AM, Wei Chuang wrote: Hi all, I've posted an updated version of the draft-chuang-dkim-replay-problem-01 draft.  It cleans up a lot from the -00 rough draft state so hopefully it's more clear.  It builds

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Michael Thomas
On 2/10/23 10:23 AM, Wei Chuang wrote: | resign for DKIM on behalf of the Originator though the | Originator increases risk of losing control of their private key. I'm pretty sure that the best practice here is to just create a selector(s) for the ESP's, etc, signing keys. You definitely

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Michael Thomas
On 2/10/23 10:23 AM, Wei Chuang wrote: [] SPF authentication is possible, but may not be advisable. The Originator does this by publishing an SPF policy that covers the Outbound Filtering Service IPs but this IP sharing weakens authentication. Why do you say it weakens it? Isn't it pretty

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Michael Thomas
On 2/10/23 2:10 PM, Evan Burke wrote: On Fri, Feb 10, 2023 at 1:55 PM Michael Thomas wrote: | taking advantage of the flexibility in DKIM to | selectively sign headers, the spammer may intentionally leave out | certain headers such as To:, and Subject: that can be

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Michael Thomas
On 2/10/23 2:11 PM, Wei Chuang wrote: On Fri, Feb 10, 2023 at 1:48 PM Michael Thomas wrote: | When large amounts of spam are received by the mailbox provider, the | operator’s filtering engine will eventually react by dropping the | reputation of the original DKIM signer.

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Michael Thomas
On 2/10/23 10:23 AM, Wei Chuang wrote: Hi all, I've posted an updated version of the draft-chuang-dkim-replay-problem-01 draft.  It cleans up a lot from the -00 rough draft state so hopefully it's more clear.  It builds

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Dave Crocker
On 2/10/2023 1:47 PM, Wei Chuang wrote: | In addition to being DKIM authenticated via the spoofed DKIM signature ... To be honest I was wondering about that word choice myself. I can change that in the next rev. There is a long-standing misuse of the term spoof, in the anti-abuse

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Wei Chuang
On Fri, Feb 10, 2023 at 1:48 PM Michael Thomas wrote: > > On 2/10/23 10:23 AM, Wei Chuang wrote: > > Hi all, > I've posted an updated version of the draft-chuang-dkim-replay-problem-01 > > draft. It cleans up a lot from the

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Evan Burke
On Fri, Feb 10, 2023 at 1:55 PM Michael Thomas wrote: > | taking advantage of the flexibility in DKIM to >> | selectively sign headers, the spammer may intentionally leave out >> | certain headers such as To:, and Subject: that can be added in later >> | without damaging the existing DKIM

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Michael Thomas
On 2/10/23 1:48 PM, Wei Chuang wrote: On Fri, Feb 10, 2023 at 1:29 PM Michael Thomas wrote: On 2/10/23 10:23 AM, Wei Chuang wrote: Hi all, I've posted an updated version of the draft-chuang-dkim-replay-problem-01

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Michael Thomas
On 2/10/23 1:47 PM, Wei Chuang wrote: On Fri, Feb 10, 2023 at 1:33 PM Michael Thomas wrote: On 2/10/23 10:23 AM, Wei Chuang wrote: Hi all, I've posted an updated version of the draft-chuang-dkim-replay-problem-01

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Wei Chuang
On Fri, Feb 10, 2023 at 1:29 PM Michael Thomas wrote: > > On 2/10/23 10:23 AM, Wei Chuang wrote: > > Hi all, > I've posted an updated version of the draft-chuang-dkim-replay-problem-01 > > draft. It cleans up a lot from the

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Michael Thomas
On 2/10/23 10:23 AM, Wei Chuang wrote: Hi all, I've posted an updated version of the draft-chuang-dkim-replay-problem-01 draft.  It cleans up a lot from the -00 rough draft state so hopefully it's more clear.  It builds

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Wei Chuang
On Fri, Feb 10, 2023 at 1:33 PM Michael Thomas wrote: > > On 2/10/23 10:23 AM, Wei Chuang wrote: > > Hi all, > I've posted an updated version of the draft-chuang-dkim-replay-problem-01 > > draft. It cleans up a lot from the

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Michael Thomas
On 2/10/23 10:23 AM, Wei Chuang wrote: Hi all, I've posted an updated version of the draft-chuang-dkim-replay-problem-01 draft.  It cleans up a lot from the -00 rough draft state so hopefully it's more clear.  It builds

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Michael Thomas
On 2/10/23 10:23 AM, Wei Chuang wrote: Hi all, I've posted an updated version of the draft-chuang-dkim-replay-problem-01 draft.  It cleans up a lot from the -00 rough draft state so hopefully it's more clear.  It builds

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Dave Crocker
On 2/10/2023 12:05 PM, Evan Burke wrote: I realize there are some mixed opinions on ARC, but it's actively used on several of the world's largest email systems - The problem document is not an exercise in politics but an exploration of technical and operational issues. Whether one or

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Evan Burke
On Fri, Feb 10, 2023 at 11:47 AM Dave Crocker wrote: > On 2/10/2023 11:35 AM, Wei Chuang wrote: > > ARC is a tool to help support modern Indirect Mail Flows, and I > > believe belongs in the solution space to be explored. > > Since ARC uses the same technology as DKIM and uses it in pretty much

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Dave Crocker
On 2/10/2023 11:35 AM, Wei Chuang wrote: ARC is a tool to help support modern Indirect Mail Flows, and I believe belongs in the solution space to be explored. Since ARC uses the same technology as DKIM and uses it in pretty much the same way, my understanding is that it, too, has the

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Michael Thomas
On 2/10/23 11:35 AM, Wei Chuang wrote: On Fri, Feb 10, 2023 at 11:09 AM Michael Thomas wrote: On 2/10/23 10:23 AM, Wei Chuang wrote: Hi all, I've posted an updated version of the draft-chuang-dkim-replay-problem-01

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Wei Chuang
On Fri, Feb 10, 2023 at 11:09 AM Michael Thomas wrote: > > On 2/10/23 10:23 AM, Wei Chuang wrote: > > Hi all, > I've posted an updated version of the draft-chuang-dkim-replay-problem-01 > > draft. It cleans up a lot from

Re: [Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Michael Thomas
On 2/10/23 10:23 AM, Wei Chuang wrote: Hi all, I've posted an updated version of the draft-chuang-dkim-replay-problem-01 draft.  It cleans up a lot from the -00 rough draft state so hopefully it's more clear.  It builds

[Ietf-dkim] DKIM Replay Problem Statement and Scenarios -01 draft posted

2023-02-10 Thread Wei Chuang
Hi all, I've posted an updated version of the draft-chuang-dkim-replay-problem-01 draft. It cleans up a lot from the -00 rough draft state so hopefully it's more clear. It builds a case that spammers are exploiting DKIM