ietf-dkim

DKIM implementations SHOULD support replay protection (was: Re: [ietf-dkim]Re: Replay attacks and ISP business models

2005-08-08 07:24:19
John R Levine wrote:
Class 3 (`full` DKIM) - Signed (DKIM) mail with replay/destination
protection. Here, the destination is signed (or just a hash of the
destination, possibly using hash tree, for privacy and efficiency).
Mailing lists and other forwarding services will need special
DKIM-enhancements to provide this DKIM service.
Eeewww.  When the SPF crowd said that every mail forwarder in the world
would have to be upgraded to rewrite the envelope to work around a flaw in
SPF's design, we all threw rotten tomatoes at them.

Surely you do not want to send DKIM down the same road.

Of course not. Existing mailing lists and other forwarders can happily exist in the DKIM world as-is. It is just that they do not provide `full` DKIM, but `only` DKIM without replay protection (class 2) - which is the _only_ option we'll have, if we don't provide the (optional) replay protection.

Actually, I'm not precise here, since forwarders could also provide `full` DKIM (with replay protection) by simply signing their messages - i.e., taking responsibility for them (and using their favorite mechanisms to deal with bad senders/subscribers). Again, of course, this is optional.

The point is that replay protection is _critical_ for automated reputation and compensation mechanisms. So it would be a real loss if DKIM does not allow replay protection, which will work fine in many cases, e.g. without forwarding. OTOH, I agree that we should not require recipients to discard incoming mail just because it is not replay-protected. Recipients still have the DKIM guarantee of origin in this case, and can decide whether they are willing to take the replay risk based on the sending MTA identity, reputation, etc.

I admit this is some added complexity. I even agree that in the desire to KISS, we may prefer to make support for it optional (MAY/SHOULD not MUST). But it seems to me that we should make a goal of DKIM supporting (optional) replay protection. Unless there is some reason I'm missing.

--
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI: http://AmirHerzberg.com/TrustBar Visit my Hall Of Shame of Unprotected Login pages: http://AmirHerzberg.com/shame
_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim
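An added illustration of the class 2 vs. class 3 distinction discussed in the message above; this is constructed example code, not from the thread or any DKIM implementation. It assumes HMAC-SHA256 under a shared key as a stand-in for the RSA signature, and lower-casing as the address canonicalization; the signer binds a hash tree over the destinations into the signature, so a recipient that was never signed for cannot produce a membership proof even though the origin check still passes.

```python
import hashlib
import hmac

# Constructed example: HMAC-SHA256 under a shared key stands in for the RSA
# signature a real DKIM signer would publish a public key for in DNS.
SIGNING_KEY = b"example-dkim-signing-key"

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf(address: str) -> bytes:
    return h(address.strip().lower().encode())  # assumed canonicalization

def root_and_proof(leaves, index):
    """Hash-tree root over all recipient leaves plus the sibling path for leaf
    `index`; the path reveals only hashes, never the other addresses."""
    level, proof = list(leaves), []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last node on odd levels
        proof.append((level[index ^ 1], index % 2 == 1))  # (sibling, sibling_is_left)
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], proof

def verify_proof(node, proof, root):
    for sibling, sibling_is_left in proof:
        node = h(sibling + node) if sibling_is_left else h(node + sibling)
    return hmac.compare_digest(node, root)

def sign(body: bytes, recipients):
    """Class 3 signing: the signature covers the body hash AND the tree root."""
    leaves = [leaf(r) for r in recipients]
    root, _ = root_and_proof(leaves, 0)
    sig = hmac.new(SIGNING_KEY, h(body) + root, "sha256").digest()
    proofs = {r: root_and_proof(leaves, i)[1] for i, r in enumerate(recipients)}
    return {"root": root, "sig": sig}, proofs

def origin_valid(body: bytes, header) -> bool:
    """Class 2 check: did the signing domain send this body? Passes on replay."""
    expected = hmac.new(SIGNING_KEY, h(body) + header["root"], "sha256").digest()
    return hmac.compare_digest(expected, header["sig"])

def verify(body: bytes, header, my_address: str, proof) -> str:
    """Class 3 check: origin plus proof that my_address was a signed destination."""
    if not origin_valid(body, header):
        return "bad signature"
    if not verify_proof(leaf(my_address), proof, header["root"]):
        return "valid origin, but not signed for this destination (replay)"
    return "ok"
```

Each recipient only needs its own sibling path, so a forwarder that signs on its own behalf can rebuild the tree for its subscribers without exposing the original destination list.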