Re: [dmarc-ietf] third party authorization, not, was non-mailing list
Doug Foster <fosterd@bayviewphysicians.com> Wed, 26 August 2020 17:31 UTC
Return-Path: <btv1==507324e8e80==fosterd@bayviewphysicians.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 357103A18F7 for <dmarc@ietfa.amsl.com>; Wed, 26 Aug 2020 10:31:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bayviewphysicians.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I7iPwExYCPbc for <dmarc@ietfa.amsl.com>; Wed, 26 Aug 2020 10:31:47 -0700 (PDT)
Received: from mail.bayviewphysicians.com (mail.bayviewphysicians.com [216.54.111.133]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4DFB43A18E4 for <dmarc@ietf.org>; Wed, 26 Aug 2020 10:31:43 -0700 (PDT)
X-ASG-Debug-ID: 1598463101-11fa31095ed63a0001-K2EkT1
Received: from webmail.bayviewphysicians.com (webmail.bayviewphysicians.com [192.168.1.49]) by mail.bayviewphysicians.com with ESMTP id 4CEQ5ajY3CEdPNu7 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NO) for <dmarc@ietf.org>; Wed, 26 Aug 2020 13:31:41 -0400 (EDT)
X-Barracuda-Envelope-From: fosterd@bayviewphysicians.com
X-Barracuda-RBL-Trusted-Forwarder: 192.168.1.49
X-SmarterMail-Authenticated-As: fosterd@bayviewphysicians.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bayviewphysicians.com; s=s1025; h=message-id:subject:to:from; bh=3IdO+dfYAyAOXrfJP9MtDw8Bcbu2RvUNTs1vRm9BZxg=; b=AMuce1H0TsFyNEeP3vbS+iRM3yM3ZZ+hXoY4PzifFTkWuWAe418EdLFZ0kuKcu51s /yozKBS2fJRTLAoJJfLZNMrSPq/m3aWkaS1PDIxy40dPZZlw1bMoHTIucrFT63++G gH9cEfcxX75LRoDOUp26yCkbb3LHgF4HaYxmxgPN8=
Received: from MSA189 (UnknownHost [192.168.2.194]) by webmail.bayviewphysicians.com with SMTP (version=TLS\Tls12 cipher=Aes256 bits=256); Wed, 26 Aug 2020 13:31:32 -0400
From: Doug Foster <fosterd@bayviewphysicians.com>
X-Barracuda-RBL-IP: 192.168.2.194
To: 'IETF DMARC WG' <dmarc@ietf.org>
References: <20200824172403.A927C1F14BF5@ary.qy> <5fe7d5c2-7330-c9fb-2856-e7dfc2175c82@tana.it> <CAJ4XoYc1vutV61E-66DHWcdOxHmCUWiC0HC0AmiRYUcMxLgcCQ@mail.gmail.com> <1fe7a47f-4ebc-7621-2c1-e4803473e8d7@taugh.com> <CAJ4XoYf3_y4tb5JYm5fGndqxKN+070LvZ6i5kjHKqH0NnbHnhg@mail.gmail.com>
In-Reply-To: <CAJ4XoYf3_y4tb5JYm5fGndqxKN+070LvZ6i5kjHKqH0NnbHnhg@mail.gmail.com>
Date: Wed, 26 Aug 2020 13:31:33 -0400
X-ASG-Orig-Subj: RE: [dmarc-ietf] third party authorization, not, was non-mailing list
Message-ID: <001801d67bce$bdf97510$39ec5f30$@bayviewphysicians.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0019_01D67BAD.36E89860"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJgB1D2dINlKlh07HGwpTB1qO3hiQK/ySKcAn/sJpADPLdKZwI+DOKsp+G6xwA=
Content-Language: en-us
X-Exim-Id: 001801d67bce$bdf97510$39ec5f30$
X-Barracuda-Connect: webmail.bayviewphysicians.com[192.168.1.49]
X-Barracuda-Start-Time: 1598463101
X-Barracuda-Encrypted: ECDHE-RSA-AES256-SHA384
X-Barracuda-URL: https://mail.bayviewphysicians.com:443/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at bayviewphysicians.com
X-Barracuda-Scan-Msg-Size: 6840
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=HTML_MESSAGE
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.84181 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 HTML_MESSAGE BODY: HTML included in message
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/HCITOykao_NjcfraFt9l2UAXhYE>
Subject: Re: [dmarc-ietf] third party authorization, not, was non-mailing list
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Aug 2020 17:31:52 -0000
Are the weak signatures vulnerable to a replay attack? I thought that one of the reasons that DKIM signatures included the whole body was to prevent the signature from being reused. DF From: dmarc [mailto:dmarc-bounces@ietf.org] On Behalf Of Dotzero Sent: Tuesday, August 25, 2020 1:51 PM To: John R Levine Cc: IETF DMARC WG Subject: Re: [dmarc-ietf] third party authorization, not, was non-mailing list On Tue, Aug 25, 2020 at 12:22 PM John R Levine <johnl@taugh.com> wrote: On Tue, 25 Aug 2020, Dotzero wrote: >> https://tools.ietf.org/html/draft-levine-dkim-conditional-00? > Under my concept, all mail would still be signed in full. The weak > signature would be in addition to the full signature and the intermediary > would be expected to sign in full as well. If the original full signature > is broken you are left with the original "weak signature" which authorizes > the intermediary and the full signature of the intermediary. Take another look at my old draft. Sounds like exactly the same plan. I will. > I would expect there to be multiple potential approaches to identifying > acceptable intermediaries. The harder part is to decide which intermediary gets to re-sign which message at the time you apply the weak signature. It would have be the domain in the "To" field. It wouldn't work with random unknown intermediaries. It would address the MLM issue as long as the MLM domain is the same as the "To" domain when the message was originally sent. It could also presumably work for vanity domains if they DKIM sign. It wouldn't work for forwards on the receiver side that the sender is unaware of. Michael Hammer
- [dmarc-ietf] non-mailing list use case for differ… Autumn Tyr-Salvia
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Laura Atkins
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Laura Atkins
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Doug Foster
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Todd Herr
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Todd Herr
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… Autumn Tyr-Salvia
- Re: [dmarc-ietf] non-mailing list use case for di… Todd Herr
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Laura Atkins
- Re: [dmarc-ietf] non-mailing list use case for di… Todd Herr
- Re: [dmarc-ietf] non-mailing list use case for di… Laura Atkins
- Re: [dmarc-ietf] non-mailing list use case for di… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Jeremy Harris
- Re: [dmarc-ietf] non-mailing list use case for di… Ken O'Driscoll
- Re: [dmarc-ietf] non-mailing list use case for di… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Murray S. Kucherawy
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Luis E. Muñoz
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- [dmarc-ietf] LSAP - Lightweight Signer Authorizat… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Neil Anuskiewicz
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Murray S. Kucherawy
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Ken O'Driscoll
- Re: [dmarc-ietf] non-mailing list use case for di… Benny Pedersen
- Re: [dmarc-ietf] non-mailing list use case for di… Kurt Andersen (b)
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Autumn Tyr-Salvia
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Murray S. Kucherawy
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Hannu Aronsson
- Re: [dmarc-ietf] non-mailing list use case for di… Hannu Aronsson
- Re: [dmarc-ietf] non-mailing list use case for di… Tõnu Tammer
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … John Levine
- Re: [dmarc-ietf] third party authorization, not, … Dave Crocker
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Neil Anuskiewicz
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Autumn Tyr-Salvia
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Dave Crocker
- Re: [dmarc-ietf] third party authorization, not, … John Levine
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Dave Crocker
- Re: [dmarc-ietf] third party authorization, not, … Hector Santos
- Re: [dmarc-ietf] Time for a change Douglas E. Foster
- Re: [dmarc-ietf] Time for a change Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] Time for a change Murray S. Kucherawy
- Re: [dmarc-ietf] Time for a change Dave Crocker
- Re: [dmarc-ietf] Time for a change Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Autumn Tyr-Salvia
- Re: [dmarc-ietf] finer grained org domain John R Levine
- Re: [dmarc-ietf] finer grained org domain Tim Wicinski
- Re: [dmarc-ietf] finer grained org domain Dave Crocker
- Re: [dmarc-ietf] finer grained org domain Dave Crocker
- Re: [dmarc-ietf] finer grained org domain Seth Blank
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] Time for a change Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Kurt Andersen (b)
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Tim Draegen
- Re: [dmarc-ietf] third party authorization, not, … Brandon Long
- Re: [dmarc-ietf] third party authorization, not, … Jesse Thompson
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Brandon Long
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … John Levine
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Laura Atkins
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … John R Levine
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … John R Levine
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Jim Fenton
- Re: [dmarc-ietf] third party authorization, not, … John Levine
- Re: [dmarc-ietf] third party authorization, not, … Jim Fenton
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Doug Foster
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Jim Fenton
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Jim Fenton
- Re: [dmarc-ietf] third party authorization, not, … Hector Santos
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] draft-levine-dkim-conditional-04… John Levine
- Re: [dmarc-ietf] draft-levine-dkim-conditional-04… Douglas E. Foster
- Re: [dmarc-ietf] draft-levine-dkim-conditional-04… Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] my forward signer draft, third p… John Levine
- Re: [dmarc-ietf] my forward signer draft, third p… Rolf E. Sonneveld