No, replaying a message that happens to have a DKIM signature in it is not what we're talking about when we refer to "DKIM replay". The point of a DKIM replay attack is specifically to use a signature that continues to validate in order to get false credibility.

Barry

On Wed, Jan 11, 2023 at 11:17 AM Grant Taylor <[email protected]> wrote:
>
> On 1/11/23 6:54 AM, Dave Crocker wrote:
> > The thing that we should go out of our texts' way to make clear is that
> > DKIM Replay requires that the replay attack send mail that retains DKIM
> > /validation/. Not the mere reuse of the signature, but the continued
> > validity of that signature, for the message being sent. A signature
> > that fails is not a replay attack.
>
> I question that.
>
> I'd think that both are a replay. A signature that validates would be a
> successful replay while a signature that fails is a failed replay. But
> both are replays to me.
>
> Remember, an attack doesn't need to succeed to be considered an attack.
>
>
>
> --
> Grant. . . .
> unix || die
>
> _______________________________________________
> Ietf-dkim mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ietf-dkim
