On 1/5/2023 11:03 AM, Wei Chuang wrote:
1. The motivation for the current effort has been exploitation of
re-posting to exploit a DKIM reputation.
2. Are there any other kinds of replay scenarios that are an issue
now?
I suspect there aren't.
While not exactly ARC replay, we've seen recently that spammers are
exploring munging the ARC headers. One campaign had them swapping a
complete ARC header set into another message. In another they added
an incomplete set. Consequently we're worried about the spammers
exploiting ARC vulnerabilities.
There are some possibilities this suggests.
1. We could seek to explore and counter-act all (or a wide range) of
replay scenarios, independent of their type or actual presence. That
is, both replays that are present in the wild and replays that are
merely deemed possible, no matter how or why they do or might occur.
2. We could focus only on the know replay efforts so far, independent of
type or degree of threat.
3. We could focus only on known, significant replay efforts.
4. and so on...
Of these, only 4 ensures focused, pragmatic efforts, where there is
actual pressure to find a remedy sooner rather than later.
The others seem more like research topics.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@[email protected]
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
