On 15/11/22 23:30, Alessandro Vesely wrote:
On Mon 14/Nov/2022 19:29:10 +0100 Evan Burke wrote:
> On Mon, Nov 14, 2022 at 8:03 AM Alessandro Vesely <[email protected]> wrote:
>
>>> The exception is a standardised mechanism to allow a sender/signer to
>>> indicate the [approximate] number of intended recipients, with which
>>> receivers might make fact-based decisions about when to recognise an
>>> instance of this particular attack
>>
>> For a mailing list, this is totally out of reach, unless the MLM itself
>> is the (ARC) signer. Even then, when the MLM knows there are 1000
>> subscribers, should it extract the average per domain weight? I mean if
>> 500 are @gmail.com and just 1 is @tana.it, should it extract the right
>> figures for each receiver or send a rough total, which smaller mailbox
>> providers cannot use? >>
> I disagree, this is perfectly fine. Approximate counts - even with an order
> of magnitude margin in some cases - would be an effective deterrent against
> large-scale replay attacks like what we've seen in the past year, where
> there could be 10s of millions of replays of a single message signature.
I don't get it. For sending, I don't know how many subscribers are there in
ietf-dkim. How could I sign an approximate number of recipients in this
message?
You don't, you only sign based upon the number that you're aware of. The
MLM might reasonably additionally sign — with ARC/DKIM — based upon the
number of recipients that it has expanded to. Sifting the clues is the
receiver's problem, the point is to at least make those clues available
to the receiver to sift.
For receiving, I don't recall receiving millions of identical messages, not
even hundreds. Perhaps I received a few ones of those —any further details on
that attack would be appreciated. How could I have used a numerical
indication, if it had been available at the time?
If you're not the target of the attack, then the mitigation won't be of
much use to you.
I'd suggest that it's self-evident that any statistical protection
against replay attacks is only valuable to receivers who are receiving
lots of them, or who are exchanging data with other receivers who are
doing so collectively (typically via an intermediary data provider).
- Roland
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
