Re: [Ietf-dkim] DKIM replay mitigations

2022-10-21 Thread Wei Chuang
I've fixed up the RFC references in 01 draft of https://datatracker.ietf.org/doc/draft-chuang-replay-resistant-arc/ As to the DKIM replay definition question, Murray noted that the DKIM RFC (RFC6376) already says something about DKIM replay as when they were writing it, they had suspected it

Re: [Ietf-dkim] DKIM replay mitigations

2022-10-04 Thread Alessandro Vesely
On Tue 04/Oct/2022 02:01:12 +0200 Scott Kitterman wrote: Many normal email operations seem difficult to distinguish from the case you are trying to address. Signing fields in the envelope may be enough to break replaying, although it would have other negative consequences. Scott is right.

Re: [Ietf-dkim] DKIM replay mitigations

2022-10-03 Thread Scott Kitterman
At least as I read it, I don't think you are describing the same issue as RFC 8376, Section 8.6. It describes the concern as "banking on the reputation of the signing domain (e.g., a large popular mailbox provider) rather than its own". I believe that's meant to describe an unaligned (in a

Re: [Ietf-dkim] DKIM replay mitigations

2022-10-03 Thread Wei Chuang
I've uploaded a draft describing a specification that tackles the concepts listed below: https://datatracker.ietf.org/doc/draft-chuang-replay-resistant-arc/ Feedback welcome. (Apologies for the formatting in advance as it's a first draft) -Wei On Mon, Aug 22, 2022 at 2:53 PM Wei Chuang

Re: [Ietf-dkim] DKIM replay mitigations

2022-08-25 Thread Alessandro Vesely
On Thu 25/Aug/2022 01:36:21 +0200 Wei Chuang wrote: On Tue, Aug 23, 2022 at 11:07 AM Alessandro Vesely wrote: On Mon 22/Aug/2022 23:53:16 +0200 Wei Chuang wrote: All the while, using ARC as a framework may allow future support for another long standing issue, which is working on message

Re: [Ietf-dkim] DKIM replay mitigations

2022-08-24 Thread Wei Chuang
On Tue, Aug 23, 2022 at 11:07 AM Alessandro Vesely wrote:
> On Mon 22/Aug/2022 23:53:16 +0200 Wei Chuang wrote:
> > All the while, using ARC as a framework may allow future support for another long standing issue, which is working on message modification while forwarding, in particular

Re: [Ietf-dkim] DKIM replay mitigations

2022-08-23 Thread Alessandro Vesely
On Mon 22/Aug/2022 23:53:16 +0200 Wei Chuang wrote: All the while, using ARC as a framework may allow future support for another long standing issue, which is working on message modification while forwarding, in particular for mailing lists.  The proposal draft-kucherawy-dkim-list-canon-01

[Ietf-dkim] DKIM replay mitigations

2022-08-22 Thread Wei Chuang
Hi, One of the known security challenges in DKIM is its vulnerability to replay attacks as already mentioned in Security Considerations section 8.6, and has been raised at recent M3AAWGs as a significant challenge. I'd