Re: [Ietf-dkim] What makes this posting different from the original posting?

On Thu, Sep 7, 2023 at 9:38 PM Jesse Thompson wrote: > Is rfc6651 a lost cause? It looks like it defines a reporting mechanism in > control of the signer, as opposed to the attacker. > Has anyone (else) implemented it? -MSK ___ Ietf-dkim mailing list

Re: [Ietf-dkim] What makes this posting different from the original posting?

On Thu, Sep 7, 2023, at 12:02 PM, Dave Crocker wrote: > On 9/2/2023 7:29 AM, Jesse Thompson wrote: >> On Tue, Aug 29, 2023, at 9:02 PM, Dave Crocker wrote: >>> DKIM, SPF, et al, are all 'collaborative' mechanisms. Originators and >>> receivers opt in to use them. Both sides are necessary. So

Re: [Ietf-dkim] What makes this posting different from the original posting?

On Thu, Sep 7, 2023 at 3:15 PM Evan Burke wrote: > To be clear, for us x= was one of the most effective defenses against > large-scale replay attacks. Not perfect, obviously, but applied carefully > and in conjunction with header oversigning, it created a significantly > narrower window for

Re: [Ietf-dkim] What makes this posting different from the original posting?

On Sep 7, 2023, at 6:15 PM, Evan Burke wrote: On Thu, Sep 7, 2023 at 10:17 AM Murray S. Kucherawy mailto:superu...@gmail.com>> wrote: On Thu, Sep 7, 2023 at 10:03 AM Dave Crocker mailto:d...@dcrocker.net>> wrote: Keys cannot be rotated fast enough to be useful within the time frame that

Re: [Ietf-dkim] What makes this posting different from the original posting?

On Thu, Sep 7, 2023 at 10:17 AM Murray S. Kucherawy wrote: > On Thu, Sep 7, 2023 at 10:03 AM Dave Crocker wrote: > >> Keys cannot be rotated fast enough to be useful within the time frame >> that attackers work in. >> >> Key rotation works in a timeframe of days or weeks. Attackers work in >>

Re: [Ietf-dkim] What makes this posting different from the original posting?

On Thu, Sep 7, 2023 at 10:03 AM Dave Crocker wrote: > > The "new header field" (or similar) approach alone would not open any > doors for revocation/invalidation of the fact that the signature was > applied on that first single message. Relying solely on fast key > rotation/invalidation would

Re: [Ietf-dkim] What makes this posting different from the original posting?

On 9/2/2023 7:29 AM, Jesse Thompson wrote: On Tue, Aug 29, 2023, at 9:02 PM, Dave Crocker wrote: DKIM, SPF, et al, are all 'collaborative' mechanisms.  Originators and receivers opt in to use them.  Both sides are necessary.  So I'm wondering about looking for something the furthers the

Re: [Ietf-dkim] Call for adoption results: draft-ietf-dkim-replay-problem Adopted

Steffen Nurpmeso wrote in <20230814202928.ufult%stef...@sdaoden.eu>: ... |visibility is. (Mind you, OpenSSH is currently hardening itself |against [1], .. i persnally would simply start ticking and run for |some time after the last keypress, that needs no floating-point |arithmetic, but i