It appears that Evan Burke <[email protected]> said:
>> Insisting on using the same term for these two different cases has an
>> academic purity to it, but has already been demonstrated to be destructive
>> in practical terms, because it creates confused discussion.
>No, that's exactly backwards. The oversigning case is a subset of the
>general DKIM replay case, because mitigation techniques for general DKIM
>replay - they do exist, though they are imperfect - also apply to cases
>where header addition has taken place. Oversigning is a defense against the
>subset of DKIM replay where headers have been added, but not the general
>case.

I think you've rather proved Dave's point. Resending the identical message
and mutating a signed message with duplicate headers are different problems
even though they have some technical overlap. I don't really care what
people call them but it would be nice if they had different names so we
don't have to use six round trip messages each time to figure out which one
we're referring to. Pretty much everywhere except this mailing list "DKIM
Replay" means the former, resending the identical message.

R's,
John
