IETF Logo Mail Archive

[Ietf-dkim] Re: New I-D: A Deployment Profile for DKIM2 via Milter Interface

Vittorio <v.moccia@itb.it> Sat, 11 April 2026 16:02 UTC

Return-Path: <v.moccia@itb.it>
X-Original-To: ietf-dkim@mail2.ietf.org
Delivered-To: ietf-dkim@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 3F150DA6B7B4 for <ietf-dkim@mail2.ietf.org>; Sat, 11 Apr 2026 09:02:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1775923379; bh=rnhrAbsFg/Poo4QJxQ0yH5O4cTht2JDLx3Mbl7Ka9SA=; h=Date:From:To:Subject:Reply-To:In-Reply-To:References; b=Go6eVB3aDQUk7YfbgIDBFwIxXf7Xvq5Mh2nk/dLqhtaeXVUbBgIysOS1ZUB8X08Rd N+Xkp2QR4rqDNNPYsLNrjDUbiciuTFU5gxahkrLQj62vZTu1lT/of2XFYdMN0e84Hv HwDN9VLSM6u3wjnCyjxvym+jDkbRc09tGm0IlqIY=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=itb.it
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kY1CQcCJkTJn for <ietf-dkim@mail2.ietf.org>; Sat, 11 Apr 2026 09:02:58 -0700 (PDT)
Received: from dns.itb.it (dns.itb.it [5.134.126.114]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 31E3ADA6B7AD for <ietf-dkim@ietf.org>; Sat, 11 Apr 2026 09:02:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=itb.it; s=default; t=1775923368; bh=Ak6y7bXzeO9oHf4bUC1PzeshYppGyPNz936atN/zUNI=; h=Date:From:To:Subject:Reply-To:In-Reply-To:References:From; b=hgPl6GBp5Q2fKeG9kEwGH35hheiBRrXkz7n+cGcGLDsfC1deiZ4uGFp4qh+Vdwhf1 xULg0ZhYbExSCDK7SARryvSAzFh5CWg1qQLgdluFcvac8MOb/6CAxQW4pYoXVIqNAg N0QsviJKa1oA3vjwSWsVgCTOu+UhxV3ckk14Sp3E=
Received: from mail.itb.it (localhost [127.0.0.1]) by dns.itb.it (8.18.1/8.18.1/Debian-6) with ESMTP id 63BG2mF63318940 for <ietf-dkim@ietf.org>; Sat, 11 Apr 2026 18:02:48 +0200
MIME-Version: 1.0
Date: Sat, 11 Apr 2026 18:02:48 +0200
From: Vittorio <v.moccia@itb.it>
To: Ietf Dkim <ietf-dkim@ietf.org>
Mail-Reply-To: v.moccia@itb.it
In-Reply-To: <af29cb2f-25ab-6e9c-49e6-22120f7ce549@iecc.com>
References: <f57b6ebedadedc5f6dbdf07e2de5e824@itb.it> <af29cb2f-25ab-6e9c-49e6-22120f7ce549@iecc.com>
Message-ID: <011f426dac0d3cb73a54721378dc48c4@itb.it>
X-Sender: v.moccia@itb.it
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Content-Transfer-Encoding: 7bit
ARC-Authentication-Results: i=1; dns.itb.it; spf=none; dmarc=none; dkim=none; arc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=itb.it; s=arc1; bh=Ak6y7bXzeO9oHf4bUC1PzeshYppGyPNz936atN/zUNI=; h=from:message-id:date:subject:to; b=rEaQnu5TOecDHT9dn/W7SYL/wVGo2SrwRRN0veMtaIB5Rdif9hx1h36wfpk96vZOcEOA90UDJa3VZEMhpQVSgNw0uiWC58fEGDS56+TO1zykvSr1ZsQBKy3K2NiCEm5AIaB+7HZUH6N8prbWP982k2ez9d8Q3JPCvGOU29yG/e9y/7dhrLW8DRkYvFPJ71HevEjv6uCGutzch3A+6JEqmCCGRtWuaN60GBASEkUcF5SMlPDVmeaLRsQ458hScgoBO4Ewn+zUNb57dWH4dtap6lwcwLSIjNJSPCG9FADIX0Xaqh9JAeF/znqLJa+BGLBcolOmF/Sep/l7xqxMTv9rSA==
ARC-Seal: i=1; a=rsa-sha256; s=arc1; d=itb.it; cv=none; b=MFcqLIBbps+0cU8z94Sm42l+hZrLZ/QXyrwC3loiAUlPFx/ug3SMhvgey0SR6mjU+gqC0WTosgNjUW8OeCalIf6scXfHfgmOld3dakfzzR3f/hoMFABbWqVppEXeABwLHbefgvW7Bxl7LubnKuHLvqor4Fad1UDmfxr7H4Mbwprb7Di0aqNlWGvd5XjBDW3QMamCdXvuIL6vB96+TMEw46d28iX+hE7MmuGd8P7JbTBDlrIvEjWnLhYyRklXwjEY/aoSR9cOCwmAnTb/ZfOQxNegLY388m4o6YwGBzicDp9WZOtOANhccYWNR7Yxm1hH4XSISd9UDVnI1jKDc7eX2A==
X-Signed: DarkARC v0.3
Message-ID-Hash: OO272T7F5NA43IFQSYTGUIMMN4KK4ZMF
X-Message-ID-Hash: OO272T7F5NA43IFQSYTGUIMMN4KK4ZMF
X-MailFrom: v.moccia@itb.it
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ietf-dkim.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Reply-To: v.moccia@itb.it
Subject: [Ietf-dkim] Re: New I-D: A Deployment Profile for DKIM2 via Milter Interface
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/5qTRM3s4iPZtmPgMc_b7qbMh_Dw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Owner: <mailto:ietf-dkim-owner@ietf.org>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Subscribe: <mailto:ietf-dkim-join@ietf.org>
List-Unsubscribe: <mailto:ietf-dkim-leave@ietf.org>

Hello John,

thank you for the follow-up. A factual clarification first.
Richard Clayton, co-author of the base DKIM2 specification, wrote on 
this list that "DKIM2-core is AIUI all of DKIM2 except for recipes". 
That is, DKIM2-core is not a variant of ARC - it is the mandatory 
cryptographic foundation of DKIM2 itself.

You argue that because the chain of custody resembles ARC, it is proven 
not to work. However, ARC's primary weakness was the lack of 
cryptographic envelope binding (mf=, rt=). This omission allowed for 
replay attacks that DKIM2-core explicitly prevents. To claim that ARC's 
failure is evidence against DKIM2-core is to assume that envelope 
binding adds no security value - an assumption that would invalidate the 
core premise of the entire DKIM2 working group.

Furthermore, if the chain of custody shared by both drafts is "not 
useful" as you suggest, then the base specification is also fatally 
flawed by design, as recipes alone cannot provide attribution without 
that chain. I doubt the chairs or the authors share that view.
I ask directly: do you believe that DKIM2-core with envelope binding and 
DKIM2-Mod accountability is fundamentally unable to solve the 
mailing-list problem? If so, could you describe a concrete attack or 
failure mode that remains? Section 5.7 of the -01 draft documents why 
this approach is sufficient for current p=reject environments and I am 
happy to refine it if a specific counter-example can be identified.
On GDPR: the privacy concern in Section 6 is not that delivering message 
history to a recipient who was going to receive the message anyway is 
problematic. The concern is that body recipes create structured, 
recoverable representations of previous message versions that travel to 
all downstream recipients and archiving systems, potentially including 
content that intermediaries deliberately chose not to transmit - 
redacted DLP content, removed malicious attachments, URL-rewritten 
links. These are new data objects that did not previously exist, created 
by systems that may not have legal basis to create them under GDPR 
Article 5 data minimization. This is a distinct concern from general 
message history and is addressed in detail in Sections 6.2.1 through 
6.2.9.

The -01 draft, submitted a few days ago, also addresses the handling of 
multiple identical headers and the base64 re-wrapping issue.
https://datatracker.ietf.org/doc/draft-moccia-dkim2-deployment-profile/

Regards
Vittorio Moccia


Il 2026-04-10 19:35 John R. Levine ha scritto:
> On Thu, 26 Mar 2026, Vittorio wrote:
>> I have submitted an Internet-Draft formalizing the proposal discussed 
>> on this list in March 2026:
>> draft-moccia-dkim2-deployment-profile-00
>> "A Deployment Profile for DKIM2 via Milter Interface"
> 
> I have read through this draft and do not find it useful.
> 
> It is hard to follow, but as best I can tell, it asserts that it's not 
> possible to implement DKIM2 using the familiar milter interface, so it 
> proposes dividing DKIM2 into two parts, a chain of custody that 
> resembles ARC that one can do in a milter, and a second optional part 
> that tracks message modifications that one can't.  It also makes a 
> claim in section 5.7 that the chain of custody addresses the DMARC 
> mailing list problem, and assertions about European privacy law and the 
> GDPR in section 6.
> 
> We have heard from other people, including people with a lot of 
> experience writing milters, that they see no problem implementing DKIM2 
> in a milter. Hence the fundamental assumption here is wrong.
> 
> Section 5.7 says that mailing lists can look at the chain of custody to 
> decide whether to accept messages without needing the verifiable 
> modification history.  But that was exactly what ARC was supposed to do 
> and we know from extensive experience that it doesn't work.
> 
> Section 6 refers to the GDPR.  As I understand it, the claim is that 
> delivering more details of the history of a message to the recipient 
> who was going to get the message anyway introduces privacy problems.  
> While this seems rather implausible I do not claim to be a European 
> privacy law expert.  None of us are, and if anyone thinks DKIM2 (or any 
> other IETF spec) presents legal issues, they need to talk to their own 
> lawyers.
> 
> R's,
> John
>

v2.41.0 | Report a Bug | By Email | System Status