IETF Logo Mail Archive

Re: [ietf-dkim] [dmarc-ietf] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts

Michael Storz <Michael.Storz@lrz.de> Thu, 17 November 2016 12:52 UTC

Return-Path: <ietf-dkim-bounces@mipassoc.org>
X-Original-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Delivered-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 364A912979D for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Thu, 17 Nov 2016 04:52:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.791
X-Spam-Level:
X-Spam-Status: No, score=-1.791 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=lrz.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ixs3qLxmThB3 for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Thu, 17 Nov 2016 04:52:38 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02B581296AA for <ietf-dkim-archive@ietf.org>; Thu, 17 Nov 2016 04:52:38 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [127.0.0.1]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uAHCqYiX016713; Thu, 17 Nov 2016 04:52:35 -0800
Authentication-Results: simon.songbird.com; dkim=fail reason="verification failed; unprotected key" header.d=lrz.de header.i=@lrz.de header.b=jP6ifVID; dkim-adsp=none (unprotected policy); dkim-atps=neutral
Received: from postout2.mail.lrz.de (postout2.mail.lrz.de [129.187.255.138]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uAHCqUNM016709 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <ietf-dkim@mipassoc.org>; Thu, 17 Nov 2016 04:52:32 -0800
Received: from lxmhs52.srv.lrz.de (localhost [127.0.0.1]) by postout2.mail.lrz.de (Postfix) with ESMTP id 3tKLbn5v0qzyVy for <ietf-dkim@mipassoc.org>; Thu, 17 Nov 2016 13:51:33 +0100 (CET)
Authentication-Results: postout.lrz.de (amavisd-new); dkim=pass (2048-bit key) reason="pass (just generated, assumed good)" header.d=lrz.de
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lrz.de; h= user-agent:message-id:references:in-reply-to:subject:subject :from:from:date:date:content-transfer-encoding:content-type :content-type:mime-version:received:received:received; s= postout; t=1479387093; bh=wJrfKAUf+KNqrs5MTQo4m4jNeFPKuvaEQm02E8 ro3JQ=; b=jP6ifVIDsVz8tN8CxwtSEzUAi0Fz+065EI29UeIpnyPfZwCMjP8+XB cjM3Q40hgbYz60kv/NPemIEg8kELCiIl005RXBCmrovBA4iDB9r8cx1Z4I+qdYgy rkaGhyVtl7CZyk+mgL0RXSAskdTD9mmdUx5dKFIfox7cWc/e/jmZvCjjVjszs8bL nsMI9Xbgp0qIxVyA3v/AC/ZxWZMsw8wHXqJCYWc0QYgiS3uAghaQz6SGNipHu0dN 9QxM/tzmH7p1VPcKzsk9kPsnwl/77FGMMBCe9zn5Yov9wvp7ZHtYi+raGYBxcoy7 tFAGXeUOht/wKGQwoOTSBgmF3A0vaO/A==
X-Virus-Scanned: by amavisd-new at lrz.de in lxmhs52.srv.lrz.de
Received: from postout2.mail.lrz.de ([127.0.0.1]) by lxmhs52.srv.lrz.de (lxmhs52.srv.lrz.de [127.0.0.1]) (amavisd-new, port 20024) with LMTP id nu0URELP15VZ for <ietf-dkim@mipassoc.org>; Thu, 17 Nov 2016 13:51:33 +0100 (CET)
Received: from roundcube.lrz.de (roundcube.lrz.de [IPv6:2001:4ca0:0:103::81bb:ff93]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by postout2.mail.lrz.de (Postfix) with ESMTPSA id 3tKLbn0Mdmzyh1 for <ietf-dkim@mipassoc.org>; Thu, 17 Nov 2016 13:51:33 +0100 (CET)
Received: from 2001:4ca0:0:f000:8c1f:180d:3d38:8df by roundcube.lrz.de with HTTP (HTTP/1.1 POST); Thu, 17 Nov 2016 13:51:32 +0100
MIME-Version: 1.0
Date: Thu, 17 Nov 2016 13:51:32 +0100
From: Michael Storz <Michael.Storz@lrz.de>
To: Ietf Dkim <ietf-dkim@mipassoc.org>
In-Reply-To: <CAL0qLwbA6Vjqpi5hGOtbpLV9FwgDO3VVA=Q5GgAU9F0qOsQCNQ@mail.gmail.com>
References: <alpine.OSX.2.11.1611142158000.21738@ary.local> <01Q7ASDZFS6C011WUX@mauve.mrochek.com> <CAL0qLwazAg2UJvGAr+nx8R_xEbc4xV0ttPEWFKUD69u6xXaMhA@mail.gmail.com> <CAL0qLwaMzy=qeW5XYZ_txPaiYE27Oof+C5V1uRANvv-_cayOcQ@mail.gmail.com> <CY1PR00MB0107389F8FE73F140849A19996BE0@CY1PR00MB0107.namprd00.prod.outlook.com> <2736ea21-69e6-83b1-3b59-377c032290b5@dcrocker.net> <CY1PR00MB01072F4EB32969888104C45196BE0@CY1PR00MB0107.namprd00.prod.outlook.com> <CAL0qLwbdNVwT-xiCmxyhSqKcp4-hCA1COHKh0wdYrYEekzZ=XA@mail.gmail.com> <3009defcc6dc9043823618dbc338460d@xmail.mwn.de> <CAL0qLwbvqABZGsm2Hp20y8wgvQTKvPn+EBKiS37eMrp+9NemjA@mail.gmail.com> <da2e49df90980fe460d1effd7734ef42@xmail.mwn.de> <CAL0qLwbA6Vjqpi5hGOtbpLV9FwgDO3VVA=Q5GgAU9F0qOsQCNQ@mail.gmail.com>
Message-ID: <63a2bfc52a81eb569a0af5e1699390d9@xmail.mwn.de>
X-Sender: Michael.Storz@lrz.de
User-Agent: Roundcube Webmail/1.2.0
Subject: Re: [ietf-dkim] [dmarc-ietf] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim/>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Errors-To: ietf-dkim-bounces@mipassoc.org
Sender: ietf-dkim <ietf-dkim-bounces@mipassoc.org>

Am 2016-11-16 21:00, schrieb Murray S. Kucherawy:
> On Wed, Nov 16, 2016 at 11:50 PM, Michael Storz <Michael.Storz@lrz.de>
> wrote:
> 
>> Ok, I see you have removed the hashing of the recipient together
>> with the email itself. But how do you prevent a replay attack, if
>> the new tag is not bound to the email and signed with the DKIM-key
>> (that's how I read 4.1.4)? The spammer could remove the tag or
>> provide his own tag with the new recipient before resending the
>> email.
> 
> The signature signs itself, so removing or changing the tag
> invalidates the signature.  Have a look at RFC6376, Sections 3.5 and
> 5.1.
> 
> -MSK

Thanks, I see. That means the recipient is bound to the message and an 
attacker cannot delete or change the new tags. Great solution, I like 
it, though I do not like the consequences when this extension will go 
into production.

Michael
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email