[secdir] [new-work] WG Review: Domain Keys Identified Mail (dkim)
The IESG <iesg@ietf.org> Tue, 17 January 2023 17:46 UTC
MIME-Version: 1.0
From: The IESG <iesg@ietf.org>
To: new-work@ietf.org
Message-ID: <167397758453.61615.14845641984562271996@ietfa.amsl.com>
Date: Tue, 17 Jan 2023 09:46:24 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/new-work/qJdQ6324Hqj1C25hLsDfMl1noKI>
Reply-To: iesg@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/K0TV3IuDi560AKSjsSQFBU86OCc>
Subject: [secdir] [new-work] WG Review: Domain Keys Identified Mail (dkim)
List-Id: Security Area Directorate <secdir.ietf.org>

A new IETF WG has been proposed in the Applications and Real-Time Area. The IESG has not made any determination yet. The following draft charter was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list (iesg@ietf.org) by 2023-01-27.

Domain Keys Identified Mail (dkim)
-----------------------------------------------------------------------
Current status: Proposed WG

Chairs:
  TBD

Assigned Area Director:
  Murray Kucherawy <superuser@gmail.com>

Applications and Real-Time Area Directors:
  Murray Kucherawy <superuser@gmail.com>
  Francesca Palombini <francesca.palombini@ericsson.com>

Mailing list:
  Address: ietf-dkim@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/ietf-dkim/
  Archive: https://mailarchive.ietf.org/arch/browse/ietf-dkim/

Group page: https://datatracker.ietf.org/group/dkim/

Charter: https://datatracker.ietf.org/doc/charter-ietf-dkim/

Domain Keys Identified Mail (DKIM, RFC 6376) defines a method for using a digital signature to associate a domain identity with an email message using an appropriate cryptographic authentication mechanism, and to assure receiving domains that the message has not been altered since the signature was created. Receiving systems can use this information as part of their message-handling decision. This can help reduce spam, phishing, and other unwanted or malicious email.

A DKIM-signed message can be re-posted, to additional recipients, in a fashion that retains the original signature. With an author and a recipient collaborating, this can "replay" the message, using the original signer's reputation to propagate email with problematic content -- spam, phishing, and the like. Generally, the technical characteristics of this form of abuse match those of legitimate mail, making its detection or prevention challenging.

Timestamps and carefully-tailored message signing conventions are appealing approaches to replay mitigation. Each has significant limitations.

The DKIM working group will first develop a clear problem statement, which it may choose to publish. Then, it will produce one or more technical specifications that propose replay-resistant mechanisms. The working group will prefer solutions compatible with DKIM's broad deployment, and there will be an expectation that these solutions will have been through implementation and interoperability testing before publication.

If the working group decides that it is unable to identify a consensus technical solution to this problem space, it may instead publish a report describing the problem and summarizing the reasons that none of the proposed approaches are acceptable.

Finally, the working group may produce documents that update operational advice to reflect modern considerations, especially with respect to the replay problem described above. This should be done only if there is a consensus opinion that such advice would be based on experience rather than theory.

Current proposals include the following drafts:

- draft-bradshaw-envelope-validation-extension-dkim
- draft-chuang-dkim-replay-problem
- draft-chuang-replay-resistant-arc
- draft-gondwana-email-mailpath
- draft-kucherawy-dkim-anti-replay

The working group may adopt or ignore these as it sees fit, and may consider or develop other proposals.

Milestones:

  Apr 2023 - Post a consensus problem statement draft to the datatracker (may not go to the IESG)

  Jun 2023 - Proposal regarding plans for remaining document(s) presented to the AD

  Dec 2023 - Submit technical specifications for replay-resistant DKIM enhancement(s) to the IESG at Proposed Standard

  Dec 2023 - Submit revised operational advice for replay-resistant DKIM use to the IESG at Informational

_______________________________________________
new-work mailing list
new-work@ietf.org
https://www.ietf.org/mailman/listinfo/new-work
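
As an added illustration (not part of the IESG message or of any listed draft), the sketch below shows a receiver-side view of the timestamp approach the charter mentions: it parses the t= and x= tags that RFC 6376 defines for the DKIM-Signature header, then counts distinct envelope recipients per signature. The function names, the three-day age limit, the recipient threshold and the sample data are assumptions constructed for this example.

```python
import re
from collections import defaultdict

def parse_dkim_tags(value):
    """Parse a DKIM-Signature tag list ("tag=value; ...") into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            # Folding whitespace inside a value (common in b=) is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def signature_age_verdict(tags, now, max_age=3 * 86400):
    """Timestamp check: x= is the signer's expiry, max_age is a local policy (assumed)."""
    if "x" in tags and now > int(tags["x"]):
        return "expired"
    if "t" in tags and now - int(tags["t"]) > max_age:
        return "stale"
    return "fresh"

def replay_candidates(deliveries, threshold=3):
    """Group (envelope_recipient, DKIM-Signature value) pairs by signature and
    return those seen for at least `threshold` distinct recipients."""
    seen = defaultdict(set)
    for rcpt, sig in deliveries:
        tags = parse_dkim_tags(sig)
        seen[(tags.get("d"), tags.get("s"), tags.get("b"))].add(rcpt.lower())
    return {k: sorted(v) for k, v in seen.items() if len(v) >= threshold}

# Constructed sample: one signature value delivered to four envelope recipients.
SIG = ("v=1; a=rsa-sha256; d=example.org; s=sel1; t=1700000000; x=1700086400; "
       "h=From:To:Subject; bh=AAAA; b=QUJD\r\n REVG")
DELIVERIES = [(f"user{i}@rcpt.example", SIG) for i in range(4)]

if __name__ == "__main__":
    tags = parse_dkim_tags(SIG)
    # One hour after signing the check passes; it only fails after x=.
    print(signature_age_verdict(tags, now=1700003600))
    print(signature_age_verdict(tags, now=1700090000))
    for key, rcpts in replay_candidates(DELIVERIES).items():
        print(key[0], key[1], len(rcpts), "distinct recipients")
```

A copy delivered inside the freshness window still returns "fresh", and a legitimate message sent once to many recipients crosses the same recipient threshold, which is the limitation the charter text points to.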