On April 13, 2015 5:22:52 PM EDT, "Rolf E. Sonneveld" 
<[email protected]> wrote:
>On 04/13/2015 08:21 PM, Murray S. Kucherawy wrote:
>> On Mon, Apr 13, 2015 at 12:58 AM, Stephen J. Turnbull
>> <[email protected]> wrote:
>>
>>     Douglas Otis writes:
>>
>>      > If the DMARC domain fails to step up, then a reasonable fallback
>>      > could require the display of the Sender header offering the needed
>>      > alignment.
>>
>>     I don't understand this.  We already see that most professional
>>     spammers exhibit From alignment on much of their traffic. Sender
>>     alignment is just as easy to implement, even if we could expect MUAs
>>     to conform to the "required display of Sender field". Users do not
>>     understand the Sender field as far as I can tell.
>>
>>
>> To the extent comprehensible, TPA is meant to allow author A to tell
>> receiver B that mail that has C in (for example) the List-ID field
>> should be treated as though it came from A.  However, I concur that it
>> means an impostor can simply do what the TPA record says and thereby
>> succeed; few of the properties TPA identifies are authenticated in any
>> way.  It might be helpful to get alignment working through paths that
>> invalidate SPF or DKIM, but compared to the fact that it basically
>> advertises how to get a "pass" in an invisible way, it's more scary to
>> me than not.  Now, if that isn't the case, then I suggest the document
>> falls short of explaining how this is not an attack vector.
>>
>> Also, Doug insists that this is not registration, but I don't know how
>> he can claim this since it requires a DNS entry for every {A, C} pair
>> that exists which must then be queried by every B that might receive
>> mail from C.  Unless I'm not understanding use of the term, that's
>> exactly how I believe we've been using "registration" lately, and the
>> argument on the table is that any registration scheme is basically a
>> non-starter for operators for which the cardinality of AxC is or could
>> be large.
>
>But, if this 'registration' does not apply to the 'mandatory tag draft',
>that means that every sender will always add the weak signature +
>'fs=<initial domain>' and a replay attack is reduced to breaking the
>weak signature?

Yes, but the signature is weak in that it covers less of the content, not in 
any cryptographic sense. 

Far more concerning to me is that once someone has received a message with a 
valid 'weak' signature, the only protection against replay is Message ID 
tracking. Tied with short signature expiration, this may be Okay, but it needs 
to be explored. 

Scott K

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
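
Added example, not part of the thread or of any draft discussed in it: a sketch of the receiver-side state that Message ID tracking tied to short signature expiration implies. The class name, verdict strings and the lifetime cap are assumptions, and signature verification is assumed to have succeeded before `check` is called.

```python
import time
from dataclasses import dataclass, field


@dataclass
class ReplayCache:
    """Remember (signing domain, Message-ID) pairs until the signature expires."""
    # Assumed local policy: refuse signatures that stay valid longer than this,
    # otherwise the cache has to hold entries for an unbounded time.
    max_lifetime: int = 3600
    seen: dict = field(default_factory=dict)  # (domain, message_id) -> expiry

    def check(self, domain, message_id, sig_expiry, now=None):
        now = int(time.time()) if now is None else now
        # Entries for expired signatures can be dropped: a later replay of
        # the same message is rejected by the expiry test below instead.
        self.seen = {k: exp for k, exp in self.seen.items() if exp > now}
        if sig_expiry <= now:
            return "expired"
        if sig_expiry - now > self.max_lifetime:
            return "lifetime-too-long"
        key = (domain.lower(), message_id.strip())
        if key in self.seen:
            return "replay"
        self.seen[key] = sig_expiry
        return "accept"


if __name__ == "__main__":
    # Constructed sample values; timestamps are plain integers in seconds.
    cache = ReplayCache(max_lifetime=600)
    for t in (1000, 1100, 1300):
        verdict = cache.check("author.example", "<m1@author.example>",
                              sig_expiry=1300, now=t)
        print(t, verdict, "cached:", len(cache.seen))
```

Keying on Message-ID alone also flags a second legitimate delivery of the same message, for example one copy per local recipient, so a deployment would have to decide how to treat those.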
