On Mon, Nov 14, 2022 at 8:03 AM Alessandro Vesely <[email protected]> wrote:
> > > The exception is a standardised mechanism to allow a sender/signer to > > indicate the [approximate] number of intended recipients, with which > > receivers might make fact-based decisions about when to recognise an > > instance of this particular attack > > For a mailing list, this is totally out of reach, unless the MLM itself is > the > (ARC) signer. Even then, when the MLM knows there are 1000 subscribers, > should > it extract the average per domain weight? I mean if 500 are @gmail.com > and > just 1 is @tana.it, should it extract the right figures for each receiver > or > send a rough total, which smaller mailbox providers cannot use? > > I disagree, this is perfectly fine. Approximate counts - even with an order of magnitude margin in some cases - would be an effective deterrent against large-scale replay attacks like what we've seen in the past year, where there could be 10s of millions of replays of a single message signature. Moreover, approaches based on signature hash count or similar would be likely to use approximate count algorithms at scale. I could imagine a draft including both a count-based solution, where a deterrent is good enough, or a more granular message-level solution, where tighter controls are needed, giving signers the option to use either or both based on their needs.
_______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
