Re: [Ietf-dkim] Rechartering

Dave Crocker <dhc@dcrocker.net> Mon, 28 November 2022 02:50 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/ru_FgO8cq6Ldzex5E8Rs348B4HQ>

On 11/27/2022 6:30 PM, Murray S. Kucherawy wrote:
> Domain Keys Identified Mail (DKIM, RFC 6376) defines a mechanism for
> using a digital signature to associate a domain identity with an email
> message in a secure way, and to assure receiving domains that the
> message has not been altered since the signature was created.
> Receiving systems

Again:  DKIM does not assure that the message has not been altered.  It 
assures only the covered portions of the message.

That's not a small difference in data integrity protection.


> can use this information as part of their message-handling decision.
> This can help reduce spam, phishing, and other unwanted or malicious
> email.
>
> A DKIM-signed message can be re-posted, to a different set of
> recipients, without disturbing the signature's validity.  This can be
> used to confound the engines that identify abusive content.  RFC 6376
> identified a risk of these "replay" attacks, but at the time did not
> consider this to be a problem in need of a solution.  Recently, the
> community has decided that it has become enough of a problem to
> warrant being revisited.

This does not provide any real understanding of how replay is 
accomplished.  And since it's easy to explain and doesn't take much 
text, I'll again encourage including that in the document that defines 
the nature of the problem we will be working on, namely the charter.

Really, it's not asking a lot to identify the role of the collaborating
recipient and possibly a bit more.  This makes the charter more directly
useful to circulate widely and be understood in substance, without
requiring the reader to either already know the topic or to forage for
other documents.


> The DKIM working group will produce one or more technical
> specifications that describe the abuse and propose replay-resistant
> mechanisms that are compatible with DKIM's broad deployment.  The
> working group may produce documents describing relevant experimental
> trials first.

This draft doesn't include the 'preservation of installed base' cover 
text that Barry's had and I forgot to include in mine.  I think it's 
important.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social
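Added illustration of the two technical points in the exchange above (that DKIM protects only the portions listed in the signature, and that a signed message survives re-delivery untouched); this is example code written for this page, not code from the thread or from any DKIM implementation. It is a stripped-down RFC 6376 signer/verifier with relaxed canonicalization, using an HMAC over a constructed key in place of RSA and a constructed sample message, so that the h= header list alone decides what is protected.

```python
import base64, hashlib, hmac, re
# Constructed demo key: an HMAC stand-in for DKIM's RSA key pair (real verifiers fetch the public key from DNS).
DEMO_KEY = b"constructed-demo-key"
def canon_header(name, value):
    # RFC 6376 'relaxed' header canonicalization: lowercase name, unfold, collapse WSP, strip ends.
    value = re.sub(r"[ \t]+", " ", re.sub(r"[ \t]*\r?\n[ \t]+", " ", value)).strip()
    return f"{name.lower().strip()}:{value}\r\n"
def canon_body(body):
    # RFC 6376 'relaxed' body canonicalization: collapse WSP, drop trailing WSP and trailing empty lines.
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip() for ln in body.split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return "".join(ln + "\r\n" for ln in lines)
def signed_data(headers, h_tag, sig_value):
    # Covered data: last instance of each h= header in h= order, then DKIM-Signature with b= empty. Nothing else.
    parts = []
    for wanted in h_tag.split(":"):
        for name, value in reversed(headers):          # headers: (name, value) pairs in message order
            if name.lower() == wanted:
                parts.append(canon_header(name, value))
                break
    return ("".join(parts) + canon_header("DKIM-Signature", sig_value).rstrip("\r\n")).encode()
def sign(headers, body, h_tag="from:to:subject:date"):
    bh = base64.b64encode(hashlib.sha256(canon_body(body).encode()).digest()).decode()
    sig = f"v=1; a=hmac-sha256-demo; c=relaxed/relaxed; d=example.com; s=demo; h={h_tag}; bh={bh}; b="
    return sig + hmac.new(DEMO_KEY, signed_data(headers, h_tag, sig), "sha256").hexdigest()

def verify(headers, body, sig):
    # Returns (valid, covered header names): a receiver should judge WHAT was protected, not only whether.
    tags = dict(t.strip().split("=", 1) for t in sig.split(";"))
    bh = base64.b64encode(hashlib.sha256(canon_body(body).encode()).digest()).decode()
    unsigned = sig[:sig.rindex("b=") + 2]
    expected = hmac.new(DEMO_KEY, signed_data(headers, tags["h"], unsigned), "sha256").hexdigest()
    return bh == tags["bh"] and hmac.compare_digest(expected, tags["b"]), tags["h"].split(":")

HEADERS = [("From", "alice@example.com"), ("To", "bob@example.net"),   # constructed sample message
           ("Subject", "Quarterly report"), ("Date", "Mon, 28 Nov 2022 02:50:16 +0000")]
BODY = "Please see the attached figures.\n"

def demo():
    sig = sign(HEADERS, BODY)
    changed_subject = [(n, "Revised figures") if n == "Subject" else (n, v) for n, v in HEADERS]
    # Headers outside h= (and the SMTP envelope recipients, which verify() never sees) can change or be
    # added without touching validity: that is why a signed message can be re-delivered elsewhere intact.
    extra = HEADERS + [("Received", "from relay.example.org"), ("Cc", "carol@example.org")]
    return {"original": verify(HEADERS, BODY, sig)[0],
            "covered_header_changed": verify(changed_subject, BODY, sig)[0],
            "uncovered_headers_added": verify(extra, BODY, sig)[0],
            "body_whitespace_changed": verify(HEADERS, "Please  see the attached figures. \n", sig)[0]}
```

The second return value of verify() is the list a receiver can check against its own policy, which is the practical form of "assures only the covered portions".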