Dave Crocker writes: > The scenario being discussed is for a recipient who gets both signatures > when they are valid, but who does not know about DKIM-Delegate.
I didn't understand that from previous posts. At least Hector seems to be concerned (though not exclusively so) with the case I presented. I suspect John as well. And I think that case is important. > So your system needs to decide which one to prefer. > It ought to prefer the 'stronger' one, but the point being raised > is that this is not an issue that has been at issue until now. > (Or, at least, not much of an issue until now.) If they're both valid, isn't this "no blood, no foul"? Is there a concern is that having seen a token signature, it will ignore the valid signature, and treat the message as high-risk? I think that that is a quality-of-implementation-issue that the DKIM-Delegate document itself need not worry about, except maybe a mention in the discussion section. > The concern is that the weaker signature (that I call a token, given how > little of the message it is likely to cover) is more easily re-used for > a replay attack. I don't understand what attack you have in mind, if that attack involves two valid signatures from the Author Domain, the content- covering signature has a "good" selection of headers, and doesn't use the l= tag. (The latter two conditions are consonant with current common practice, I believe, but I mention them for completeness in describing the scenario I think is relevant.) If the attack doesn't have two valid signatures from the Author Domain, then aren't we in the scenario I describedin my previous post? Steve _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
