John Levine wrote in
 <20240119192026.dedff8104...@ary.qy>:
 |It appears that Evan Burke  <evan.s.bu...@gmail.com> said:
 |>> Insisting on using the same term for these two different cases has an
 |>> academic purity to it, but has already been demonstrated to be destructive
 |>> in practical terms, because it creates confused discussion.
 |
 |>No, that's exactly backwards. The oversigning case is a subset of the
 |>general DKIM replay case, because mitigation techniques for general DKIM
 |>replay - they do exist, though they are imperfect - also apply to cases
 |>where header addition has taken place. Oversigning is a defense against the
 |>subset of DKIM replay where headers have been added, but not the general
 |>case.
 |
 |I think you've rather proved Dave's point. Resending the identical
 |message and mutating a signed message with duplicate headers are
 |different problems even though they have some technical overlap.
 |
 |I don't really care what people call them but it would be nice if they

(Seems like "seal"ing would be a better term than "oversign"ing.)

 |had different names so we don't have to use six round trip messages
 |each time to figure out which one we're referring to.
 |
 |Pretty much everywhere except this mailing list "DKIM Replay" means
 |the former, resending the identical message.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
