[Ietf-dkim] Re: New I-D: A Deployment Profile for DKIM2 via Milter Interface

Bron Gondwana <brong@fastmailteam.com> Mon, 20 April 2026 00:26 UTC

Return-Path: <brong@fastmailteam.com>
X-Original-To: ietf-dkim@mail2.ietf.org
Delivered-To: ietf-dkim@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 6946EDF52A06 for <ietf-dkim@mail2.ietf.org>; Sun, 19 Apr 2026 17:26:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1776644765; bh=JDEIgKnKN0XPmnsqA4iwtxriOsBDYxtwkkoLvPXLiZA=; h=Date:From:To:In-Reply-To:References:Subject; b=QnoKIZvLhikCSZbr1mTQybEAvFAZiBpkxflSTh1PXNdrJZZTFDwB5q3Nqk2uLhi2z +eSz7p9L/RMvK3uesRH6ZJnXkCTNFkw1emW7uzeOR/3KRSPNQrSp72Ec1nXe76skb+ Nk0RcEP2RvJynBlxXAGGzGz1bfIHvG5H1mS3nMQQ=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.798
X-Spam-Level:
X-Spam-Status: No, score=-2.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b="ObtrGtfE"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="LlGGPY9F"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Iy7qdyeujJQ7 for <ietf-dkim@mail2.ietf.org>; Sun, 19 Apr 2026 17:26:04 -0700 (PDT)
Received: from fout-b8-smtp.messagingengine.com (fout-b8-smtp.messagingengine.com [202.12.124.151]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 433F0DF529FE for <ietf-dkim@ietf.org>; Sun, 19 Apr 2026 17:26:04 -0700 (PDT)
Received: from phl-compute-10.internal (phl-compute-10.internal [10.202.2.50]) by mailfout.stl.internal (Postfix) with ESMTP id 9DEC71D00070 for <ietf-dkim@ietf.org>; Sun, 19 Apr 2026 20:25:58 -0400 (EDT)
Received: from phl-imap-15 ([10.202.2.104]) by phl-compute-10.internal (MEProxy); Sun, 19 Apr 2026 20:25:58 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=cc:content-type:content-type:date:date:from :from:in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm3; t=1776644758; x= 1776731158; bh=ZDbN6HbKQplSDs2RMgHs629mionCkD7qdb1O9y2xwWE=; b=O btrGtfEuiewrxFT5HMjPsS/RnXbWkaqBLQPgVkMMbHLDJtdHBWGDO5OIe0KWznA3 WAgFkjnUTnaXcN5YYkjhzHK31ytwtgSZPyGpJSqAR03qqvCd3EXO9V12Ru7dDuiy VAOZj7Kuse19cFbbeJ7UvP6FH3iKeyH0b93AxDmN6nqllmiYxKNeeUEcsjE6Mf37 gp/3TLOJKwhetOjs2ROOl8o6V2UArY6ERTVASARSxLDNnTx9sxQWlCeLuQIX4I5n JXl1+PexEyp01j5JXmI7864JyuXIzVqYhi0ZoUdB0JMkhqBE+pX1so0B8PuDQMaD vdxT+0l+T31E1fhGRfesQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1776644758; x=1776731158; bh=ZDbN6HbKQplSDs2RMgHs629mionCkD7qdb1 O9y2xwWE=; b=LlGGPY9FfUnrTG3NJ2PE5N0imP/MsoEkPrKs6yTtqjA5R5VBBZq 3hJLI5WdmomjTe6yGki1LjLpPWCuOCLvUDMMux4+mjmXiwdiAEMbdQdWuHVL0Mne IRdiZqGsdZH02yNt9cgWIGoeSaG2/4ld5Xxzx6omG6y9rlftAsxJYbmBAevHcHni Ofx5HGYzpPfzRb9sCoWy81gK0957rXWX0RabWRcRJxGC2vToemG8QNHvauDcNHb7 f7K6eLp2u2Q4A/1gWwmFwsm1h0SO1NWfhuTDfMlBI3ltCjOn5Pf8lUGkNu+Kn3zj o2rR/FzgqfDGDUdOAt7UlJyolieJ+eK2sSQ==
X-ME-Sender: <xms:lnLlaVt10OzXD7FK8MyNXdOAD9om30kdqAPLvHmZ3X6Ne2ccFaAXSA> <xme:lnLlaZSNpBO1FF3R6BYRVyINF2Gl7rWzqtH3En2SBRzh05kQPBfsY5SOq_0vRUnLD R5RtD6CW92yvhXzncB1BHe8Fi92Ry35896ttCnH2972UCU>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefhedrtddtgdehjedtjecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr ihhlohhuthemuceftddtnecunecujfgurhepofggfffhvffkjghfufgtsegrtderreertd dtnecuhfhrohhmpedfuehrohhnucfiohhnugifrghnrgdfuceosghrohhnghesfhgrshht mhgrihhlthgvrghmrdgtohhmqeenucggtffrrghtthgvrhhnpeefveejveekudekffffve evueetfeehuedufefftefggefhheelteelgeeghefftdenucevlhhushhtvghrufhiiigv pedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegsrhhonhhgsehfrghsthhmrghilhhtvg grmhdrtghomhdpnhgspghrtghpthhtohepuddpmhhouggvpehsmhhtphhouhhtpdhrtghp thhtohepihgvthhfqdgukhhimhesihgvthhfrdhorhhg
X-ME-Proxy: <xmx:lnLladRwR2fgxYmlyEEcdRRDaJoGUKaZcsXitNi63vdhK4FREj057Q> <xmx:lnLladuW2aqay1twkkgkdn6k_2i1aaoyss0eDzmJDtb50JOvJfhTNw> <xmx:lnLlaYdoNLT5WiOCFN_oFaCW0lRKbl40_Png3Ez9W3zjXYLfyBppnA> <xmx:lnLlaaJMI6eunkF_cRDwgDHtQc-MfF9uGmihx_l6OJ7vWyHX4oSBAA> <xmx:lnLlaZqW6fsNIhEY_rWhOXy7zp9fphxgwy69D-TimsUozcsodhe4-awu>
Feedback-ID: i2d7042ce:Fastmail
Received: by mailuser.phl.internal (Postfix, from userid 501) id 4C1BF780076; Sun, 19 Apr 2026 20:25:58 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
MIME-Version: 1.0
Date: Mon, 20 Apr 2026 10:25:35 +1000
From: Bron Gondwana <brong@fastmailteam.com>
To: ietf-dkim@ietf.org
Message-Id: <ea4c9010-5fe8-4b9b-b3e2-503a1a104a83@app.fastmail.com>
In-Reply-To: <41ecaf8f88de864726f464bfc183d7f0@itb.it>
References: <f57b6ebedadedc5f6dbdf07e2de5e824@itb.it> <CAL0qLwa9=WkyFF4QmscaG5p93pZso7g7oq5yp1zW=-t1sN9jCA@mail.gmail.com> <7b41024e-8155-4289-8150-54dc4dff1a87@inveigle.net> <CAL0qLwYHXd9b+JTOEtJMnJ4UUEhzh631+stPzpPOepW0vpGv0A@mail.gmail.com> <79ca14fb9642f590200989ecf86e12c5@itb.it> <CAL0qLwawxwJwkhsNtoC_ZYQ9g6w2L+Sy+qLC_eB0XqWP1CCQSA@mail.gmail.com> <f6dedd54b45376041ddbcc6df82aa705@itb.it> <b4bf2c35-9ee6-4818-96c8-75c93c07eccc@app.fastmail.com> <CAL0qLwZR5SGS=g5j_gnKB+D8Y3d0hXrmVSpoZVTqG+ACH8AHdQ@mail.gmail.com> <1d79f5afee229c3ff8c038cdfd290c12@itb.it> <e71d34a3-9d5f-47e2-af95-13927dbca90e@app.fastmail.com> <CACfBKehWCBuxXfR92dAMxJufYVfCWFCGi0zToQo8P6zn5ASVvQ@mail.gmail.com> <b0d6b4372f757076d53f6ef411ebe506@itb.it> <3P+OVUE3OY4pFApj@highwayman.com> <5e4a835b9bd9f60be82e0a25225f052b@itb.it> <zSzfCvEBEl4pFA47@highwayman.com> <d258ad06c0d9a7b64a0cf2cf919d2f07@itb.it> <wuCfdLBHe44pFAq1@highwayman.com> <d015cb266ecdd7f791a72571d561a8f5@itb.it> <ab00b534-e634-4077-910a-d972847e24f8@app.fastmail.com> <41ecaf8f88de864726f464bfc183d7f0@itb.it>
Content-Type: multipart/alternative; boundary="532c650e11a24c0e83fe7f0f2cc7525ce93c3ea7"
Message-ID-Hash: 3MSG3QRTSOD5I6ZKJWL7QSS7BQKU67QV
X-Message-ID-Hash: 3MSG3QRTSOD5I6ZKJWL7QSS7BQKU67QV
X-MailFrom: brong@fastmailteam.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ietf-dkim.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Ietf-dkim] Re: New I-D: A Deployment Profile for DKIM2 via Milter Interface
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/Mx2QU_svqLR8vDjvS-PlS9Fm47w>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Owner: <mailto:ietf-dkim-owner@ietf.org>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Subscribe: <mailto:ietf-dkim-join@ietf.org>
List-Unsubscribe: <mailto:ietf-dkim-leave@ietf.org>


On Sun, Apr 19, 2026, at 22:37, Vittorio wrote:
> Hello Bron,
> 
> bad guys lie about recipes too. Multiple colluding nodes forge recipes 
> with the same keys they use to forge bh= values. If the adversary 
> controls N nodes in the chain, those N nodes produce N internally 
> consistent but fabricated recipes... and the receiver has no way to 
> distinguish them from honest ones.
> "Bad guys lie" is not an argument for body recipes. It is an argument 
> against trusting any single mechanism (including body recipes).

I don't see how that is possible. Perhaps you can generate an example to demonstrate how nodes can fabricate recipes that don't reliably reproduce the content of the previous hop and yet validate against the previous hop's bh=.

My contention is that with a recipe and a hash, it is impossible (short of breaking the hash function) to lie about which changes you made. Sure, you can lie about anything that happened inside a range of domains that you control, since you can change and re-hash the message and lie about the individual hops that happened inside that range, but you can't make any change appear to have been made by another system which is NOT one of those domains you control.

Bron.

--
  Bron Gondwana, CEO, Fastmail Pty Ltd / Fastmail US LLC
  brong@fastmailteam.com
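As an added illustration of the chain-verification argument in the message above (this is example code written for this archive page, not part of Bron's message, the DKIM2 drafts, or any milter implementation): a toy model in which every hop signs a "recipe" of the body edits it made together with the bh= of the body it emitted, and the receiver walks the chain backwards, undoing each hop's recipe and checking the reconstructed body against the previous hop's signed bh=. The recipe format (append/replace operations), the domain names, the message text and the per-domain keys are all constructed for the example, and HMAC stands in for DKIM's asymmetric signatures so that the script runs offline with the standard library. The three scenarios show an honest chain, a hop that under-reports its own change, and two colluding hops that tell a consistent story between themselves; in both dishonest cases the verifier pins the unrecorded change to the boundary with the honest origin and cannot be pushed past it.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed per-domain keys; HMAC is a stand-in for DKIM's public-key signatures.
KEYS = {
    "origin.example": b"origin-key",
    "relay-b.example": b"relay-b-key",
    "relay-c.example": b"relay-c-key",
}

# Toy recipe: an ordered list of edits. This is a simplified model of the concept
# under discussion, not the wire format of any DKIM2 draft.
#   ("append", data)       -> data appended to the body
#   ("replace", old, new)  -> first occurrence of old rewritten as new


def apply_recipe(body: bytes, recipe: list) -> bytes:
    """Forward direction: what a hop does to the body it received."""
    for op in recipe:
        if op[0] == "append":
            body = body + op[1]
        elif op[0] == "replace":
            _, old, new = op
            if old not in body:
                raise ValueError("replace target not present")
            body = body.replace(old, new, 1)
        else:
            raise ValueError("unknown op %r" % (op[0],))
    return body


def undo_recipe(body: bytes, recipe: list) -> Optional[bytes]:
    """Reverse direction: reconstruct the body a hop received from the body it sent.
    Returns None when the recipe cannot be reversed against this body."""
    for op in reversed(recipe):
        if op[0] == "append":
            if not body.endswith(op[1]):
                return None
            body = body[: len(body) - len(op[1])]
        elif op[0] == "replace":
            _, old, new = op
            if new not in body:
                return None
            body = body.replace(new, old, 1)
    return body


@dataclass
class HopRecord:
    domain: str
    recipe: list
    bh: str      # sha256 hex of the body this hop emitted
    sig: str     # HMAC over (domain, recipe, bh) with the domain's key


def _signing_input(domain: str, recipe: list, bh: str) -> bytes:
    return repr((domain, recipe, bh)).encode()


def sign_hop(domain: str, recipe: list, body_out: bytes) -> HopRecord:
    bh = hashlib.sha256(body_out).hexdigest()
    sig = hmac.new(KEYS[domain], _signing_input(domain, recipe, bh), "sha256").hexdigest()
    return HopRecord(domain, recipe, bh, sig)


def verify_chain(final_body: bytes, records: List[HopRecord]) -> Tuple[bool, str]:
    """Walk from the last hop back to the origin. Each hop's bh= must match the
    body as it stood after that hop, and its recipe must reverse onto the body
    the previous hop signed. A mismatch is reported at the boundary where it
    appears, so a lie cannot be attributed to a hop outside that boundary."""
    body = final_body
    last = len(records) - 1
    for i in range(last, -1, -1):
        rec = records[i]
        expected = hmac.new(KEYS[rec.domain], _signing_input(rec.domain, rec.recipe, rec.bh), "sha256").hexdigest()
        if not hmac.compare_digest(expected, rec.sig):
            return False, "bad signature from %s" % rec.domain
        if hashlib.sha256(body).hexdigest() != rec.bh:
            if i == last:
                return False, "delivered body does not match bh= signed by %s" % rec.domain
            return False, "unrecorded change between %s and %s" % (rec.domain, records[i + 1].domain)
        prev = undo_recipe(body, rec.recipe)
        if prev is None:
            return False, "recipe from %s cannot be reversed against the body" % rec.domain
        body = prev
    return True, "every recipe accounts for the difference between consecutive bh= values"


ORIGINAL = b"Hi all,\nThe meeting is on Tuesday.\n"   # constructed sample body
FOOTER = b"-- \nScanned by relay-b\n"


def honest_chain() -> Tuple[bool, str]:
    r0 = sign_hop("origin.example", [], ORIGINAL)
    b1 = apply_recipe(ORIGINAL, [("append", FOOTER)])
    r1 = sign_hop("relay-b.example", [("append", FOOTER)], b1)
    b2 = apply_recipe(b1, [("replace", b"Hi all", b"Hello all")])
    r2 = sign_hop("relay-c.example", [("replace", b"Hi all", b"Hello all")], b2)
    return verify_chain(b2, [r0, r1, r2])


def hop_misreports_its_change() -> Tuple[bool, str]:
    """relay-b changes the day but its signed recipe only admits the footer."""
    r0 = sign_hop("origin.example", [], ORIGINAL)
    actual = [("replace", b"Tuesday", b"Friday"), ("append", FOOTER)]
    b1 = apply_recipe(ORIGINAL, actual)
    r1 = sign_hop("relay-b.example", [("append", FOOTER)], b1)
    return verify_chain(b1, [r0, r1])


def colluding_hops_cannot_frame_origin() -> Tuple[bool, str]:
    """relay-b and relay-c agree on one story: relay-b signs an empty recipe over
    the altered body (claiming it arrived that way), relay-c records its own edit
    honestly. Their records are mutually consistent, but the origin's bh= is not."""
    r0 = sign_hop("origin.example", [], ORIGINAL)
    b1 = ORIGINAL.replace(b"Tuesday", b"Friday")
    r1 = sign_hop("relay-b.example", [], b1)
    b2 = apply_recipe(b1, [("append", b"-- \nrelay-c\n")])
    r2 = sign_hop("relay-c.example", [("append", b"-- \nrelay-c\n")], b2)
    return verify_chain(b2, [r0, r1, r2])


if __name__ == "__main__":
    for scenario in (honest_chain, hop_misreports_its_change, colluding_hops_cannot_frame_origin):
        print(scenario.__name__, scenario())
```

The point the scenarios make is the one in the message: inside the colluding range (relay-b and relay-c) the records chain cleanly, so the receiver cannot tell which of the two actually made the edit, but the origin's signed bh= fixes the body as it left the origin, and the reconstructed body relay-b claims to have received does not hash to it. The verifier therefore reports the discrepancy at the origin/relay-b boundary in both dishonest cases, and no arrangement of recipes among the later hops can move it to a hop whose key they do not hold. The toy `undo_recipe` assumes the replaced text appears once; a real recipe format would need unambiguous offsets.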