Answering four messages at once:
> > Someone sends off a message to a mailing list with the two DKIM
> > signatures and DKIM-Delegate. Someone else, perhaps a list
> > subscriber, notes that the weaker signature doesn't cover the body, so
> > he replaces the body with nose enlargement spam and blasts it out.
> > Recipient MTAs which haven't been updated since 2014 and don't know
> > about DKIM-Delegate see the weak but valid signature and since the
> > signer has a generally good reputation, delivers it. Ugh.
>
> Right, that's the "considerable latitude" that's already mentioned in the draft. The "x=" is the current protection against that sort of abuse. It's not much, but it's what we've thought of so far. The alternative is to use an "l=" that is the length of the original rather than 0, which constrains the abuse considerably but might reduce the likelihood of this working.
For this application I don't see x= as much protection. If a bad guy subscribes to the list or gets messages via something like gmane, he can do the mutate and spam in close to real time.
> I see your point, though it seems strange to do a version bump when that's really the only change to the bits on the wire, and the only real change then is how the signatures are interpreted; syntax vs. semantics.
>
> ...
>
> DKIM-Signature: v=1; d=example.com; ...
> DKIM-Signature: v=2; l=0; d=example.com; rsf=to,cc,trusted-lists.example.org; ...
>
> "rsf" = "require signature from", with "to" and "cc" being special case keywords with the obvious meaning.
Right. This seems to me a DKIM signature with a different semantics, only pay attention to this one if there's a matching forwarding signature (give or take your inexcusable assumption that nobody at the registries in Tonga or the Cocos islands will ever use this.)

Adding new tags to DKIM signatures should be no big deal. The spec has always been very clear that verifiers ignore tags that they don't understand and I know that works, since I've been adding private tags ever since the argument about what, if anything, the i= tag means.
Adding a new tag doesn't need a version bump so long as it's OK for verifiers that don't understand the tag to ignore it. This needs a version bump since the intention is that the signature isn't interesting unless it's paired with a forwarder's signature so you have to understand rsf=.
You could get the same effect by defining a new signature header with the same syntax and meaning as DKIM-Signature except that the rsf= tag is mandatory and you ignore it without the second signature:

DKIM-Forwarding-Signature: v=1; l=0; d=example.com; rsf=to,cc,trusted-lists.example.org;

I don't see any reason to prefer this, but whatever.

Re Dave's concern that DKIM verifiers don't look at the version number, that's easy enough to check since there aren't many widely used verifier libraries, and most large MSPs add A-R headers so you can send mail to your test account and see how it liked the signature.
R's, John
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
