[Ietf-dkim] Update of Replay Resistant Authenticated Receiver Chain

Wei Chuang <weihaw@google.com> Wed, 10 May 2023 14:00 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/ri_FgF5hry19sEDZYDlOAS7_rRU>

There is a -06 version of I-D draft-chuang-replay-resistant-arc
<https://datatracker.ietf.org/doc/draft-chuang-replay-resistant-arc/> now. The
main two changes in this version are around "DARA", which is one of two
techniques to fight replay, and now support for DKIM.  Regarding the
latter, the originator may optionally support signing only with
DKIM-Signature to cover the common case direct mail flow pattern.
Regarding the former, draft -06 modifies DARA to support a Chain of Custody
algorithm that further helps fight replay.  I'll send out an examples
document that illustrates both changes in a second post.
-Wei