Dave Crocker writes:

> On 6/12/2014 11:58 AM, Stephen J. Turnbull wrote:
> > Dave Crocker writes:
> >
> > > The scenario being discussed is for a recipient who gets both signatures
> > > when they are valid, but who does not know about DKIM-Delegate.
> >
> > I didn't understand that from previous posts. At least Hector seems
> > to be concerned (though not exclusively so) with the case I presented.
> > I suspect John as well. And I think that case is important.
>
> Now it's my turn to not understand. Really, what scenario is involved here?

Any situation where the token signature is the only valid signature from
the Author Domain.

> > > It ought to prefer the 'stronger' one, but the point being raised
> > > is that this is not an issue that has been at issue until now.
> > > (Or, at least, not much of an issue until now.)
> >
> > If they're both valid, isn't this "no blood, no foul"?
>
> The concern is a write-down attack, where the weaker signature is
> effectively an exploit.

We're talking about verification by the destination MTA (no mention of
mediators anywhere). If there *is* an attack involving two valid
signatures from the Author Domain, I don't see how either DKIM or
DKIM-delegate can do anything about it.

> > Is the concern that, having seen a token signature, it will
> > ignore the valid signature, and treat the message as high-risk?
>
> Sounds like a generic issue with receiver use of DKIM. A worthy
> question, but not inherent to -Delegate.

That's part of what I meant by "quality-of-implementation issue".
Sorry it wasn't clear.

> > > The concern is that the weaker signature (that I call a token,
> > > given how little of the message it is likely to cover) is more
> > > easily re-used for a replay attack.
> >
> > I don't understand what attack you have in mind, if that attack
> > involves two valid signatures from the Author Domain, the
> > content-covering signature has a "good" selection of headers,
> > and doesn't use the l= tag.
>
> The premise is that the weaker nature of the token signature (needed to
> get it to survive through the mailing list) will make it more subject to
> some form of replay attack that includes bad content.
>
> I've no idea how serious the threat is, but it's certainly a
> mathematically legitimate concern.

Yes, I understand that, but I don't see mathematical legitimacy without
an invalid/missing content-covering signature in the picture (unless
users at the Author Domain have been suborned by the abusers).

So I don't understand why your analysis is limited to the two-valid-signatures
case, which doesn't have an "interesting" failure mode as far as I can see.
Mathematically, a crappy implementation could indeed choose to reject because
of the presence of a token signature, despite the presence of a valid
content-covering signature. But the answer is "Well, if that hurts, don't do it."

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
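The receiver policy the message argues for ("prefer the stronger one", and never let the mere presence of a token signature write the verdict down when a valid content-covering signature is also present) can be shown as a small selection routine. This is an added example, not code from the thread, from the DKIM-Delegate draft, or from any DKIM library. The tag names (d=, s=, h=, l=, bh=, b=) are the real DKIM-Signature tags of RFC 6376; the two sample signatures, the list of "important" headers and the scoring thresholds are constructed assumptions for illustration, and cryptographic verification is assumed to have already happened (each signature arrives with a valid flag; nothing here fetches a key).

```python
"""
Added example (not from the thread, DKIM-Delegate, or any DKIM library):
a receiver-side selection policy for a message carrying more than one
valid DKIM signature from the Author Domain.  Verification is assumed
done already; each signature is passed in with a `valid` flag.
"""
import re

# Assumption for this example: headers a "content-covering" signature should bind.
IMPORTANT_HEADERS = {"from", "to", "subject", "date",
                     "message-id", "mime-version", "content-type"}
STRONG_THRESHOLD = 4   # assumption: this many important headers, and no l=


def parse_dkim_tags(header_value):
    """Split a DKIM-Signature field value into {tag: value}; whitespace inside
    values (from header folding) is removed, as RFC 6376 allows."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = re.sub(r"\s+", "", value)
    return tags


def signed_headers(tags):
    """Header names listed in h=, lowercased, in signing order."""
    return [h.lower() for h in tags.get("h", "").split(":") if h]


def coverage_score(tags):
    """How much of the message the signature binds.  None when unusable
    (RFC 6376 requires From: to be signed); otherwise the count of important
    headers covered, penalised when l= limits body coverage."""
    hdrs = set(signed_headers(tags))
    if "from" not in hdrs:
        return None
    score = len(hdrs & IMPORTANT_HEADERS)
    if "l" in tags:
        score -= 2            # body truncation: appended content is unsigned
        if tags["l"] == "0":
            score -= 2        # l=0 binds no body at all: a pure "token"
    return score


def pick_strongest(signatures, author_domain):
    """signatures: list of (DKIM-Signature value, verified_ok) pairs.
    Returns the tag dict of the strongest valid Author Domain signature, or
    None.  The order of the signature headers in the message is irrelevant."""
    best_score, best = None, None
    for value, valid in signatures:
        if not valid:
            continue
        tags = parse_dkim_tags(value)
        if tags.get("d", "").lower() != author_domain.lower():
            continue
        score = coverage_score(tags)
        if score is None:
            continue
        if best_score is None or score > best_score:
            best_score, best = score, tags
    return best


def policy_verdict(signatures, author_domain):
    """The point argued in the thread: a weak token signature must not write
    the verdict down when a strong signature also verifies."""
    strongest = pick_strongest(signatures, author_domain)
    if strongest is None:
        return "no-usable-author-signature"
    if "l" in strongest or coverage_score(strongest) < STRONG_THRESHOLD:
        return "weak-author-signature"
    return "strong-author-signature"


# Constructed sample: one message, two valid signatures from example.org.
# Selector "tok" is a minimal token (From: and Date: only, l=0: no body).
# Selector "full" binds the important headers and the whole body (no l=).
# The bh= and b= values are placeholders, not real hashes or signatures.
SAMPLE_SIGNATURES = [
    ("v=1; a=rsa-sha256; d=example.org; s=tok; c=relaxed/relaxed; "
     "h=From:Date; l=0; bh=cGxhY2Vob2xkZXI=; b=cGxhY2Vob2xkZXI=", True),
    ("v=1; a=rsa-sha256; d=example.org; s=full; c=relaxed/simple; "
     "h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type; "
     "bh=cGxhY2Vob2xkZXI=; b=cGxhY2Vob2xkZXI=", True),
]

if __name__ == "__main__":
    chosen = pick_strongest(SAMPLE_SIGNATURES, "example.org")
    print("chosen selector:", chosen["s"],
          "verdict:", policy_verdict(SAMPLE_SIGNATURES, "example.org"))
    # Token alone, e.g. after a mailing list broke the full signature:
    print("token only:", policy_verdict(SAMPLE_SIGNATURES[:1], "example.org"))
```

With both signatures valid the policy picks the "full" selector and reports a strong result regardless of which DKIM-Signature header appears first; with only the token surviving it reports "weak", which is the case the message says is the one that actually matters. The l= penalty reflects the RFC 6376 caveat that a body-length limit leaves appended content unsigned; the exact weights are an assumption of this example.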
