Frank Ellermann wrote:
True; I mentioned it because I think SIDF could also be used to address replay issues.

Jim Fenton wrote:

That's a good point, I should probably say something about that. It's true that a lot more effective things can be done if the identity associated with the signature can be made visible to the recipient. But that requires MUA changes, and there's no way to mandate that.

DKIM is no FUSSP, there will be legit domains that don't use DKIM for at least years. The bad actors would then forge its addresses, sign it with their own throw-away domains, and naive users (5.1 + 6.2) could then erroneously "think" that they got a PASS "for" the forged identity. But they only got an "accountable signature", in the case 5.1 (repeated in 6.2) that means that an abuse report won't hit an innocent bystander. I expect that we'll be tightening canonicalization in the next revision of the base draft, and hopefully that will be sufficient for the threat analysis for now.

So far that's 100% the same as SPF. Maybe you should mention that DKIM can be checked everywhere (not only at the "border") as long as nobody manipulates the DATA. Resulting in a minor "threat" of FPs behind many mailing lists => users intending to act on invalid signatures should white list these lists. Details about the funs of FWS canonicalization are probably unnecessary for your threat analysis, it's too special, and besides I hope that it can be solved for many relevant cases.

-Jim
_______________________________________________ ietf-dkim mailing list http://dkim.org
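
Added example, not part of the original message or of the DKIM drafts: a receiver-side check that separates "a signature verified" from "the signature belongs to the domain in From:", which is the distinction drawn above between an accountable signature and a PASS for the displayed identity. It assumes a DKIM verifier has already validated the signatures cryptographically; the exact-match rule, the function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def signing_domains(msg):
    """Return the d= domain of every DKIM-Signature header, lower-cased."""
    domains = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = {}
        # Drop folding whitespace, then split the tag=value list on ';'.
        for part in re.sub(r"\s+", "", value).split(";"):
            if "=" in part:
                key, val = part.split("=", 1)
                tags[key] = val
        if "d" in tags:
            domains.append(tags["d"].lower())
    return domains

def from_domain(msg):
    """Domain part of the address in From:, or '' if there is none."""
    address = parseaddr(msg.get("From", ""))[1]
    return address.rpartition("@")[2].lower()

def classify(raw):
    """Label a message whose signatures are assumed already verified."""
    msg = message_from_string(raw)
    signers = signing_domains(msg)
    if not signers:
        return "unsigned"
    # Assumption: only an exact match counts as the author's own domain.
    if from_domain(msg) in signers:
        return "signer-matches-author"
    # Valid signature, but it only makes the signer accountable; it says
    # nothing about the identity shown to the user in From:.
    return "third-party-signature"

# Constructed sample messages (signature data is a placeholder).
SIGNED_BY_AUTHOR = (
    "From: Alice <alice@example.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
    " h=from:subject; bh=PLACEHOLDER=; b=PLACEHOLDER==\n"
    "Subject: hello\n\nbody\n"
)
SIGNED_BY_OTHER = SIGNED_BY_AUTHOR.replace("d=example.com", "d=throwaway.example")
UNSIGNED = "From: Alice <alice@example.com>\nSubject: hello\n\nbody\n"

if __name__ == "__main__":
    for name in ("SIGNED_BY_AUTHOR", "SIGNED_BY_OTHER", "UNSIGNED"):
        print(name, "->", classify(globals()[name]))
```

A filter or MUA that surfaces only "signature valid" treats the first two messages identically; exposing the classification keeps the throw-away-domain case visibly distinct.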
