On 6/12/2014 11:58 AM, Stephen J. Turnbull wrote:
> Dave Crocker writes:
> 
>  > The scenario being discussed is for a recipient who gets both signatures
>  > when they are valid, but who does not know about DKIM-Delegate.
> 
> I didn't understand that from previous posts.  At least Hector seems
> to be concerned (though not exclusively so) with the case I presented.
> I suspect John as well.  And I think that case is important.

Now it's my turn to not understand.  Really, what scenario is involved here?


>  > So your system needs to decide which one to prefer.
> 
>  > It ought to prefer the 'stronger' one, but the point being raised
>  > is that this is not an issue that has been at issue until now.
>  > (Or, at least, not much of an issue until now.)
> 
> If they're both valid, isn't this "no blood, no foul"?

The concern is a write-down attack, where the weaker signature is
effectively an exploit.


> Is there a concern is that having seen a token signature, it will
> ignore the valid signature, and treat the message as high-risk?  I
> think that that is a quality-of-implementation-issue that the
> DKIM-Delegate document itself need not worry about, except maybe a
> mention in the discussion section.

Sounds like a generic issue with receiver use of DKIM.  A worthy
question, but not inherent to -Delegate.


>  > The concern is that the weaker signature (that I call a token, given how
>  > little of the message it is likely to cover) is more easily re-used for
>  > a replay attack.
> 
> I don't understand what attack you have in mind, if that attack
> involves two valid signatures from the Author Domain, the content-
> covering signature has a "good" selection of headers, and doesn't use
> the l= tag.  (The latter two conditions are consonant with current
> common practice, I believe, but I mention them for completeness in
> describing the scenario I think is relevant.)

The premise is that the weaker nature of the token signature (needed to
get it to survive through the mailing list) will make it more subject to
some form of replay attack that includes bad content.

I've no idea how serious the threat is, but it's certainly a
mathematically legitimate concern.


> If the attack doesn't have two valid signatures from the Author
> Domain, then aren't we in the scenario I described in my previous
> post?

Probably.

d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
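As an added receiver-side illustration of the "prefer the stronger one" choice discussed above (example code written for this thread, not code from the list, from the DKIM-Delegate draft, or from any DKIM implementation): the function below takes the DKIM-Signature header values a verifier has already accepted as cryptographically valid, ranks each by how much of the message it binds, and selects the strongest one for policy decisions while flagging whether a thin "token" signature was present. The assumptions are this example's own: the CONTENT_HEADERS set, the heuristic that an l= tag or fewer than three covered content headers marks a token signature, and the two constructed header values (fake bh=/b= values, not real signatures).

```python
import re

# Constructed sample: two DKIM-Signature values from the same author domain.
# The first covers the usual content headers; the second is a minimal token
# signature that covers only From: and uses l= (a body length limit).
SAMPLE_SIGNATURES = [
    "v=1; a=rsa-sha256; d=example.com; s=sel1; c=relaxed/relaxed; "
    "h=from:to:subject:date:message-id:mime-version:content-type; "
    "bh=ZmFrZWhhc2g=; b=ZmFrZXNpZw==",
    "v=1; a=rsa-sha256; d=example.com; s=sel2; c=relaxed/relaxed; "
    "h=from; l=0; bh=ZmFrZWhhc2g=; b=ZmFrZXNpZw==",
]

# Headers a receiver wants covered before treating a signature as binding the
# message content (assumption for this example, not a list from any standard).
CONTENT_HEADERS = {"from", "to", "subject", "date", "message-id",
                   "mime-version", "content-type"}


def parse_dkim_tags(value):
    """Split a DKIM-Signature value into a tag -> value dict.

    Only the first '=' separates tag from value, so base64 padding in b= and
    bh= survives; folding whitespace inside values is removed.
    """
    tags = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def signature_strength(tags):
    """Return (rank, detail) for one already-verified signature.

    Higher rank means the signature binds more of the message. Heuristic
    assumed here: an l= tag (partial body coverage, so appended content still
    verifies) or a thin h= list makes the signature a token signature, which
    ranks below any content-covering signature regardless of header count.
    """
    covered = {h.strip().lower() for h in tags.get("h", "").split(":") if h.strip()}
    content_hdrs = len(covered & CONTENT_HEADERS)
    uses_length_limit = "l" in tags
    is_token = uses_length_limit or content_hdrs < 3
    rank = (0 if is_token else 1, content_hdrs)
    return rank, {"covered": sorted(covered), "l_tag": uses_length_limit,
                  "token": is_token}


def prefer_stronger(header_values):
    """Pick the signature to base policy on from a list of valid signatures.

    Returns the chosen selector (s=), whether the chosen signature is itself
    only a token, and whether any token signature was seen at all, so the
    receiver never lets a weaker signature write down a stronger one.
    """
    if not header_values:
        return None
    best = None
    token_seen = False
    for value in header_values:
        tags = parse_dkim_tags(value)
        rank, detail = signature_strength(tags)
        token_seen = token_seen or detail["token"]
        if best is None or rank > best[0]:
            best = (rank, tags.get("s"), detail)
    return {"selector": best[1], "token_only": best[2]["token"],
            "token_seen": token_seen}


if __name__ == "__main__":
    print(prefer_stronger(SAMPLE_SIGNATURES))
```

With both sample signatures present the content-covering one (sel2 is ignored for policy) is selected and the token is merely noted; with only the token signature present the result says so explicitly, which is the case a receiver that has not yet learned about -Delegate still has to treat with care.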

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc