On 6/20/2020 11:53 AM, John Levine wrote:
> It would be nice if you'd looked at my conditional signing drafts
> before guessing (wrong) about what they say.
>
> Here's the 2014 version:
> https://datatracker.ietf.org/doc/draft-levine-may-forward/
>
> And the improved 2018 version:
> https://datatracker.ietf.org/doc/draft-levine-dkim-conditional/

Does this mean the author now supports and is going to champion his
proposal?

I seem to recall that in 2014 the author cited a lack of interest in
pursuing this and felt it would cause problems. As stated in the 2014
security conditions, he wrote:

   6. Security Considerations

   DKIM was designed to provide assurances that a message with a valid
   signature was received in essentially the same form that it was sent.
   The forwarding signature condition deliberately circumvents that
   design, to create a loophole for messages intended to be forwarded by
   entities that edit the message. It opens up a variety of obvious
   replay attacks that may or may not be important depending on both the
   selection of target domains for messages to be forwarded, and the
   behavior of forwarders that receive messages with conditional
   signatures.

I felt then it was another "poison pill" to kill the 3rd party
authorization effort. I was not impressed by this so I punted on the
proposal.

Now I read in the improved 2018 version:
   6. Security Considerations

   DKIM was designed to provide assurances that a message with a valid
   signature was received in essentially the same form that it was sent.
   The forwarding signature condition deliberately creates a loophole
   for messages intended to be forwarded by entities that edit the
   message. It opens up a variety of obvious replay attacks that may or
   may not be important depending on both the selection of target
   domains for messages to be forwarded, and the behavior of forwarders
   that receive messages with conditional signatures.

   A sender can limit the conceptual size of the loophole by being
   selective about what other domains it allows in its !fs tags, and by
   using the x= tag to limit the time during which forwarded signatures
   are valid.

If the author still believes this loophole exists, why are we bothering?

--
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos
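
The two limits named in the quoted 2018 Security Considerations (!fs and x=), sketched as a receiver-side check. This is an added example, not part of the message above or of either draft. It assumes that the !fs value names the forwarder domain that must also have a verified signature on the message, and that a local policy refuses conditional signatures lacking x=; the function names and sample values are constructed.

```python
import re

def parse_tags(value):
    """Split a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace inside these tag values is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def check_conditional(cond_sig, verified_sigs, now):
    """Apply the !fs and x= limits to one signature; return (accepted, reason).

    cond_sig:      DKIM-Signature value that already verified cryptographically
    verified_sigs: values of the other signatures on the message that verified
    now:           current time in seconds since the epoch
    """
    tags = parse_tags(cond_sig)
    fs = tags.get("!fs")
    if fs is None:
        return True, "unconditional"
    # Assumed local policy: a conditional signature with no expiry is replayable
    # indefinitely, so it is refused rather than treated as open-ended.
    if not tags.get("x", "").isdigit():
        return False, "no-expiry"
    if now > int(tags["x"]):
        return False, "expired"
    # Assumption: the condition holds only if the named forwarder also signed.
    signers = {parse_tags(s).get("d", "").lower() for s in verified_sigs}
    if fs.lower() not in signers:
        return False, "forwarder-missing"
    return True, "ok"

# Constructed sample signatures (b=, bh= and h= omitted; no real keys involved).
COND = "a=rsa-sha256; d=sender.example; s=s1; !fs=list.example; t=1592668800; x=1592755200"
NO_X = "a=rsa-sha256; d=sender.example; s=s1; !fs=list.example; t=1592668800"
LIST_SIG = "a=rsa-sha256; d=list.example; s=k1; t=1592670000"
OTHER_SIG = "a=rsa-sha256; d=other.example; s=k1; t=1592670000"

if __name__ == "__main__":
    cases = [(COND, [LIST_SIG], 1592700000), (COND, [OTHER_SIG], 1592700000),
             (COND, [LIST_SIG], 1592800000), (NO_X, [LIST_SIG], 1592700000)]
    for sig, others, now in cases:
        print(check_conditional(sig, others, now))
```

Within the x= window, a copy carrying both signatures still passes this check wherever it is delivered, which is the residual replay exposure the quoted text describes.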