I don't know what other people have decided off in spec land to call this, but here what I'm seeing is somebody taking a message, adding headers (or not), re-injecting the message to another recipient, it being received with DKIM signature intact, that's DKIM replay. I'm sort of boggling at the attempt to keep potential header changes and DKIM oversigning out of the exploit definition and potential solution consideration. I just don't think it makes sense to exclude this. If I were going to nit pick, I guess I'd say that RFC 6376 section 8.6 doesn't seem to be specific enough to exclude any of this from the definition of DKIM replay; it says nothing yay or nay about the potential for additional headers. And I think that's fine, as exploits evolve and it would be limiting to have done otherwise.
Cheers, Al Iverson -- Al Iverson / Deliverability blogging at https://www.spamresource.com Subscribe to the weekly newsletter at https://ml.spamresource.com DNS Tools: https://xnnd.com / (312) 725-0130 / Chicago (Central Time) _______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim