On Thu, Sep 7, 2023 at 9:38 PM Jesse Thompson wrote:
> Is rfc6651 a lost cause? It looks like it defines a reporting mechanism in
> control of the signer, as opposed to the attacker.
>
Has anyone (else) implemented it?
-MSK
___
Ietf-dkim mailing list
On Thu, Sep 7, 2023, at 12:02 PM, Dave Crocker wrote:
> On 9/2/2023 7:29 AM, Jesse Thompson wrote:
>> On Tue, Aug 29, 2023, at 9:02 PM, Dave Crocker wrote:
>>> DKIM, SPF, et al, are all 'collaborative' mechanisms. Originators and
>>> receivers opt in to use them. Both sides are necessary. So
On Thu, Sep 7, 2023 at 3:15 PM Evan Burke wrote:
> To be clear, for us x= was one of the most effective defenses against
> large-scale replay attacks. Not perfect, obviously, but applied carefully
> and in conjunction with header oversigning, it created a significantly
> narrower window for
On Sep 7, 2023, at 6:15 PM, Evan Burke
wrote:
On Thu, Sep 7, 2023 at 10:17 AM Murray S. Kucherawy
mailto:superu...@gmail.com>> wrote:
On Thu, Sep 7, 2023 at 10:03 AM Dave Crocker
mailto:d...@dcrocker.net>> wrote:
Keys cannot be rotated fast enough to be useful within the time frame that
On Thu, Sep 7, 2023 at 10:17 AM Murray S. Kucherawy
wrote:
> On Thu, Sep 7, 2023 at 10:03 AM Dave Crocker wrote:
>
>> Keys cannot be rotated fast enough to be useful within the time frame
>> that attackers work in.
>>
>> Key rotation works in a timeframe of days or weeks. Attackers work in
>>
On Thu, Sep 7, 2023 at 10:03 AM Dave Crocker wrote:
>
> The "new header field" (or similar) approach alone would not open any
> doors for revocation/invalidation of the fact that the signature was
> applied on that first single message. Relying solely on fast key
> rotation/invalidation would
On 9/2/2023 7:29 AM, Jesse Thompson wrote:
On Tue, Aug 29, 2023, at 9:02 PM, Dave Crocker wrote:
DKIM, SPF, et al, are all 'collaborative' mechanisms. Originators
and receivers opt in to use them. Both sides are necessary. So I'm
wondering about looking for something the furthers the
Steffen Nurpmeso wrote in
<20230814202928.ufult%stef...@sdaoden.eu>:
...
|visibility is. (Mind you, OpenSSH is currently hardening itself
|against [1], .. i persnally would simply start ticking and run for
|some time after the last keypress, that needs no floating-point
|arithmetic, but i