In article
you write:
>Do we think there's any utility to adding more message info to the AS, such
>as message-id?
Probably not. Mailing lists sometimes change the message ID, so it's not
a very useful indication of evil.
Having watched this thread, I don't see what the issue is. If a bad
guy
On Sun, Aug 20, 2017 at 6:25 PM, Bron Gondwana
wrote:
>
> Right - so how exactly does that help, given that you've modified the
> message since then? You could easily change the message-id at the same
> time. If the original DKIM-Signature still passes then sure, you can't
> modify anything. Bu
On 8/20/2017 9:25 PM, Bron Gondwana wrote:
It is protected by the original DKIM-Signature. Message-Id is pretty
high on the recommended hashed header list.
But if the original DKIM signature was lost, all bets are off and
nothing else matters unless ARC is attempting to replace DKIM which
you j
On Mon, 21 Aug 2017, at 10:04, Hector Santos wrote:
> On 8/20/2017 7:47 PM, Bron Gondwana wrote:
>> On Mon, 21 Aug 2017, at 09:34, Hector Santos wrote:
>>> On 8/18/2017 8:53 PM, Bron Gondwana wrote:
>>>
>>> ...
>>>
>>> And the message still arrives at receiver with a valid ARC
>>> chain, ju
On 8/20/2017 7:47 PM, Bron Gondwana wrote:
On Mon, 21 Aug 2017, at 09:34, Hector Santos wrote:
On 8/18/2017 8:53 PM, Bron Gondwana wrote:
...
And the message still arrives at receiver with a valid ARC
chain, just
via badsite.com instead of site3.com.
The same receiver? If so
On Mon, 21 Aug 2017, at 09:34, Hector Santos wrote:
> On 8/18/2017 8:53 PM, Bron Gondwana wrote:
>
>> ...
>>
>> And the message still arrives at receiver with a valid ARC
>> chain, just
>> via badsite.com instead of site3.com.
>
> The same receiver? If so, wouldn't this be a duplicate message wh
On 8/18/2017 8:53 PM, Bron Gondwana wrote:
...
And the message still arrives at receiver with a valid ARC chain, just
via badsite.com instead of site3.com.
The same receiver? If so, wouldn't this be a duplicate message when
the same receiver can see the same 5322.Message-Id?
--
HLS
___
Can you do that and it's still possible to validate that site2 signed it?
Brandon
On Aug 18, 2017 5:53 PM, "Bron Gondwana" wrote:
> So this is an interesting case that I'd like to spin into a separate
> thread.
>
> At the moment, ARC headers are purely additive. You receive a message
> with so
So this is an interesting case that I'd like to spin into a
separate thread.
At the moment, ARC headers are purely additive. You receive a message
with some ARC headers on it, you add some more on top and send it on.
AR: arc=pass, ... // at receiver
AS: i=3; cv=pass, d=site4.com
AMS: i=3; d=site4