IETF Logo Mail Archive

Re: [dmarc-ietf] third party authorization, not, was non-mailing list

Dotzero <dotzero@gmail.com> Wed, 26 August 2020 17:54 UTC

Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E5143A194D for <dmarc@ietfa.amsl.com>; Wed, 26 Aug 2020 10:54:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WOR-opmrTQ-P for <dmarc@ietfa.amsl.com>; Wed, 26 Aug 2020 10:54:20 -0700 (PDT)
Received: from mail-qk1-x731.google.com (mail-qk1-x731.google.com [IPv6:2607:f8b0:4864:20::731]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 290B83A1800 for <dmarc@ietf.org>; Wed, 26 Aug 2020 10:54:20 -0700 (PDT)
Received: by mail-qk1-x731.google.com with SMTP id x69so2838824qkb.1 for <dmarc@ietf.org>; Wed, 26 Aug 2020 10:54:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=B5VGHx2YteIDGNN5FbTec6OkFNMBrU2McDu2cezc4jI=; b=Qb7Xv7G5u6ySY7N8usMyms5SLuL0aR+IOit4HAnJRp2F9tuksCxkNTa2Xgx+puQQMP cGC+sM+BOMwZQdYIqJX83stkK7IzmFh7X6ZL1RoTlRrLvEQTg/a4adiy9pZ+bRq/4cnq /mOZIAXGCR9MmK6gRQWXOxUxdl4NSsOmdccrKdP6HzkgKTwXMvHrDtgCfVoLshj3wXew nrA4QTw9qO5vEsBNZo052Yj0BnvNRwDnAVEAsI3eJMIiZhd7ttK7evLeGX2xf7D2fKOX kNQ3f60IHsxHx9vfqFmBVMjmmsuPrxjV803DnmpCy80+Umb8osXoJzl+l3J03OKzjkLT 9WhQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=B5VGHx2YteIDGNN5FbTec6OkFNMBrU2McDu2cezc4jI=; b=J9UrsbzKBUYqsqW5IKfWKFCJi9Wa02Z66WQAV7zaSPULSbkXGLygKE4t1hB+uwmDV5 efdiRhaz9JfUzqx3M/2SRubSHBItWe/yiDO6AsiSRWlfjSV51OenoI+bxDfIyJlX4eEU ZYk3VKQzJtVmIVVrmgKtaQsYUVRZZOwxtCGwg1IpDvniHkbkgoI6ce7RlTIT3kgjQjXR DiNOI7kXWY4tn4F822C+2WsU6NrWdaqqownf135fjv86rYCkMcvbgzmH5/GdZPtKkhwy C0WL/wJrYXaZ0mHxCK9VLWO5lilIil2QKCR7r+vEFaCT4GB+/gTmBTV9TU9ae+SOK9L3 pQZg==
X-Gm-Message-State: AOAM532MgLFXRCsNfEIWDZqBTqOI7F2GAcQcxAjUdON2PeOWlv6FkFkB g6+k4wlkfi9ma6Vbbmwt7C9afCHMg2O5dHvmLR7+b9jw1H0=
X-Google-Smtp-Source: ABdhPJzpUpdAPSnVVcnPbLw8/PaaZk5LMrjdCquxfnYpxPVEfEVJp495wMbPwzMfeypJdYfWDcAt07IU5d9Iy5QD7n4=
X-Received: by 2002:a37:a9cb:: with SMTP id s194mr15257407qke.64.1598464459186; Wed, 26 Aug 2020 10:54:19 -0700 (PDT)
MIME-Version: 1.0
References: <20200824172403.A927C1F14BF5@ary.qy> <5fe7d5c2-7330-c9fb-2856-e7dfc2175c82@tana.it> <CAJ4XoYc1vutV61E-66DHWcdOxHmCUWiC0HC0AmiRYUcMxLgcCQ@mail.gmail.com> <1fe7a47f-4ebc-7621-2c1-e4803473e8d7@taugh.com> <CAJ4XoYf3_y4tb5JYm5fGndqxKN+070LvZ6i5kjHKqH0NnbHnhg@mail.gmail.com> <001801d67bce$bdf97510$39ec5f30$@bayviewphysicians.com>
In-Reply-To: <001801d67bce$bdf97510$39ec5f30$@bayviewphysicians.com>
From: Dotzero <dotzero@gmail.com>
Date: Wed, 26 Aug 2020 13:54:08 -0400
Message-ID: <CAJ4XoYdR-kHARvkYjbbyqoEnx8YV5RP4x1z40M3-z9ap1ypcRg@mail.gmail.com>
To: Doug Foster <fosterd=40bayviewphysicians.com@dmarc.ietf.org>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000046a88c05adcb82f7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/x6q73ueIlgCPXiaaI-hCQtAeo6Q>
Subject: Re: [dmarc-ietf] third party authorization, not, was non-mailing list
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Aug 2020 17:54:21 -0000

On Wed, Aug 26, 2020 at 1:32 PM Doug Foster <fosterd=
40bayviewphysicians.com@dmarc.ietf.org> wrote:

> Are the weak signatures vulnerable to a replay attack?    I thought that
> one of the reasons that DKIM signatures included the whole body was to
> prevent the signature from being reused.
>
>
>
> DF
>

Not particularly vulnerable. The requirement is that you have the "weak
signature" plus the intermediary full DKIM signature. This let's the
validator/receiver know that the originating domain knew that the
intermediary might break the originating domains DKIM signature but the
validator/receiver would have the DKIM signature of the intermediary. The
"weak signature" is only validated against that specific message and
headers it signed and that specific intermediary. It's not a
generic/general signature.

Michael Hammer

v2.23.0 | Report a Bug | By Email