On 6/20/2020 11:53 AM, John Levine wrote:

> It would be nice if you'd looked at my conditional signing drafts
> before guessing (wrong) about what they say.
>
> Here's the 2014 version:
>
> https://datatracker.ietf.org/doc/draft-levine-may-forward/
>
> And the improved 2018 version:
>
> https://datatracker.ietf.org/doc/draft-levine-dkim-conditional/

Does this mean the author now supports and is going to champion his proposal?

I seem to recall in 2014, the author citing a lack of interest to pursue this and felt it would cause problems. As stated in the 2014 security conditions, he wrote:

6.  Security Considerations

   DKIM was designed to provide assurances that a message with a valid
   signature was received in essentially the same form that it was sent.
   The forwarding signature condition deliberately circumvents that
   design, to create a loophole for messages intended to be forwarded by
   entities that edit the message.  It opens up a variety of obvious
   replay attacks that may or may not be important depending on both the
   selection of target domains for messages to be forwarded, and the
   behavior of forwarders that receive messages with conditional
   signatures.

I felt then it was another "poison pill" to kill the 3rd party authorization effort. I was not impressed by this so I punted on the proposal.

Now I read in the improved 2018 version:

6.  Security Considerations

   DKIM was designed to provide assurances that a message with a valid
   signature was received in essentially the same form that it was sent.
   The forwarding signature condition deliberately creates a loophole
   for messages intended to be forwarded by entities that edit the
   message.  It opens up a variety of obvious replay attacks that may or
   may not be important depending on both the selection of target
   domains for messages to be forwarded, and the behavior of forwarders
   that receive messages with conditional signatures.

   A sender can limit the conceptual size of the loophole by being
   selective about what other domains it allows in its !fs tags, and by
   using the x= tag to limit the time during which forwarded signatures
   are valid.

If the author still believes this loophole exists, why are we bothering?


--
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos
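
An added example (not part of the message above or of either draft) showing the two limits named in the 2018 Security Considerations, the x= expiry and the !fs domain, as a verifier-side check. It assumes !fs names a domain that must also have a valid signature on the message; `evaluate_conditional`, the sample header and the rule refusing conditional signatures without x= are hypothetical.

```python
# Added illustration; not code from draft-levine-dkim-conditional or any DKIM library.
import re

def parse_tags(header_value):
    """Split a DKIM-Signature tag list ("k=v; k=v") into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def evaluate_conditional(header_value, verified_signers, now):
    """Return (accepted, reason) for a signature whose hashes already verified.

    verified_signers: d= domains of the other signatures on the message that
    verified cryptographically (assumed to be supplied by a DKIM library).
    now: current time in Unix seconds.
    """
    tags = parse_tags(header_value)
    # x= is the RFC 6376 expiration time; once it has passed, a captured
    # copy of the message can no longer be replayed under this signature.
    expiry = tags.get("x")
    if expiry is not None and now > int(expiry):
        return False, "expired"
    forwarder = tags.get("!fs")
    if forwarder is None:
        return True, "unconditional"
    if expiry is None:
        # Local policy (assumption): refuse open-ended conditional signatures.
        return False, "conditional signature without x="
    if forwarder.lower() not in {d.lower() for d in verified_signers}:
        return False, "no valid signature from " + forwarder
    return True, "forwarded by " + forwarder

# Constructed, abbreviated sample header: domains, selector and timestamps
# are made up, and bh=/b= are placeholders rather than real hash values.
SAMPLE = ("a=rsa-sha256; d=sender.example; s=sel1; t=1592668800; "
          "x=1592755200; !fs=lists.example; h=from:to:subject; bh=...; b=...")

if __name__ == "__main__":
    print(evaluate_conditional(SAMPLE, ["lists.example"], 1592700000))
    print(evaluate_conditional(SAMPLE, ["other.example"], 1592700000))
    print(evaluate_conditional(SAMPLE, ["lists.example"], 1592755201))
```
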

