ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DKIM implementations SHOULD support replay protection (was: Re: [ietf-dkim]Re: Replay attacks and ISP business models

2005-08-08 15:18:18
from [Dave Crocker] [Permanent Link] 
 It is just that they do not provide `full`
 DKIM, but `only` DKIM without replay protection (class 2)




Amir,


I'm a bit confused.

Please cite the documentation that distinguishes "full" DKIM from "class 2" 
DKIM.  I have never heard this distinction before.

I thought that there was exactly one DKIM and that it provided a single 
mechanism for authenticating an identity associated with a message body and 
selected RFC2822 headers.

I do not recall DKIM's pursuing the topic of replay, except to protect against 
someone modifying an authenticated message and resending it.  (That is, 
fraudulent content, rather than merely re-sending the same, validated content 
to 
new addresses.)

DKIM clearly does not protect against re-sending to different RFC2921.rcpt-to 
headers.

So I'm quite confused about the nature of this thread, since it seems to go 
considerably beyond the stated goals and capabilities of DKIM.


  d/
  ---
  Dave Crocker
  Brandenburg InternetWorking
  +1.408.246.8253
  dcrocker  a t ...
  WE'VE MOVED to:  www.bbiw.net




_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Replay isn't the problem, spam is the problem, Douglas Otis
Next by Date:  Re: [ietf-dkim] Replay isn't the problem, spam is the problem, Amir Herzberg
Previous by Thread:  Re: [ietf-dkim] Replay isn't the problem, spam is the problem, Douglas Otis
Next by Thread:  Re: [ietf-dkim] Re: Replay attacks and ISP business models, Amir Herzberg
Indexes:  [Date] [Thread] [Top] [All Lists]