[dispatch] New work: DKIM Replay problem statement and related drafts

Bron Gondwana <brong@fastmailteam.com> Fri, 21 October 2022 13:16 UTC

From: Bron Gondwana <brong@fastmailteam.com>
To: dispatch@ietf.org
Cc: dispatch-chairs@ietf.org, Wei Chuang <weihaw@google.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/7_R0Sh69zzVk74Chj_UUZYmme3k>

Hi Dispatch chairs,

There's a bunch of work on the DKIM replay problem which was spoken about at M3AAWG last week.  A handful of drafts were proposed.

The room at M3AAWG also asked us to prepare a problem statement informational draft, and we'd like to bring the whole collection (but mainly the problem statement) to dispatch to work out where at the IETF is best placed to take it on, whether we need to spin up the DKIM working group again, or if somewhere else is right.

Anyway, here's the problem statement draft:

https://datatracker.ietf.org/doc/draft-chuang-dkim-replay-problem/

and these related stabs at the solution space that you might be interested in reading:

https://datatracker.ietf.org/doc/draft-chuang-replay-resistant-arc/
https://datatracker.ietf.org/doc/draft-bradshaw-envelope-validation-extension-dkim/
https://datatracker.ietf.org/doc/draft-kucherawy-dkim-anti-replay/
https://datatracker.ietf.org/doc/draft-gondwana-email-mailpath/

... we're not going to read through all of that.  I expect 15 minutes would be good, though it could easily take more if people start trying to solve the problem in real time rather than just looking at the dispatch question.

Cheers,

Bron.

--
  Bron Gondwana, CEO, Fastmail Pty Ltd
  brong@fastmailteam.com