On Sun, Feb 12, 2023 at 12:16 PM Dave Crocker <d...@dcrocker.net> wrote:
> There appears to be no perfect way to distinguish a Replay attack from a
> legitimate re-posting by an Alias or even a Mailing list (that preserves
> the original DKIM signature.)
>
> The only 'signal' that is valid, also is ambiguous. The signal is that
> the rfc5321.Mail command has an address that is not in any of the
> rfc5322 address fields. The ambiguity, of course, is that that's also
> true for Alias.
>
> I'm wondering about designing some assistance by the author's platform
> and the Aliasing platform, to flag what they've done.
>
> Imagine adding a header field like "Separate-Envelope:", possibly
> listing the domain name of the site putting the flag there, and having
> them add a DKIM signature to cover it and the rest of the message.

Interesting. Would this work if it passes through more than one layer of aliasing? That is, can this work if "Separate-Envelope" appears more than once? Do they all have to be signed, order preserved, etc.?

-MSK
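The two checks the thread talks about, worked through as an added example (this is not code from the thread, from any DKIM implementation, or from either poster). "Separate-Envelope" is the hypothetical field Dave sketches; the sample message, domain names and selector are constructed. The first function tests the ambiguous signal (the RFC 5321 MAIL FROM address is absent from every RFC 5322 address field). The second answers Murray's multi-layer question using only the existing DKIM rule for repeated header fields: each name listed in h= is matched to one header instance, counting from the bottom of the header block upward (RFC 6376 section 5.4.2), so a hop that prepends its own Separate-Envelope field and lists the name once more than the hops before it covers the whole chain, while an earlier hop's signature covers only the instances that existed when it signed. Coverage is read from h= only; no signature is cryptographically verified here.

```python
"""Added example: envelope/header mismatch check and Separate-Envelope chain
coverage.  Not from the ietf-dkim thread; 'Separate-Envelope' is the
hypothetical field proposed there, and the sample message is constructed."""
import email
import re
from email.utils import getaddresses

ADDRESS_FIELDS = ("From", "Sender", "Reply-To", "To", "Cc", "Bcc")
SEP_FIELD = "Separate-Envelope"  # hypothetical field name from the thread


def _norm(addr: str) -> str:
    """Lower-case the domain part only; RFC 5321 local parts are case-sensitive."""
    local, sep, domain = addr.rpartition("@")
    return f"{local}@{domain.lower()}" if sep else addr


def envelope_is_separate(raw_message: bytes, mail_from: str) -> bool:
    """True when the RFC 5321 MAIL FROM address appears in none of the
    RFC 5322 address fields.  This is the ambiguous signal: it fires for a
    replay, but also for an ordinary alias or forwarder that rewrites the
    envelope sender."""
    msg = email.message_from_bytes(raw_message)
    seen = set()
    for field in ADDRESS_FIELDS:
        for _display, addr in getaddresses(msg.get_all(field, [])):
            if addr:
                seen.add(_norm(addr))
    return _norm(mail_from) not in seen


def _parse_tags(sig_value: str) -> dict:
    """Split a DKIM-Signature value into its tag=value pairs (folding kept
    harmless by stripping whitespace around names and values)."""
    tags = {}
    for part in sig_value.split(";"):
        name, eq, val = part.partition("=")
        if eq:
            tags[name.strip().lower()] = val.strip()
    return tags


def separate_envelope_chain(raw_message: bytes) -> list:
    """List every Separate-Envelope instance, top to bottom, with the d=
    domains of the DKIM-Signatures whose h= tag covers that instance.
    Per RFC 6376 sec. 5.4.2, a name listed k times in h= covers the
    bottom-most k instances of that field, so a signature made before a
    later hop prepended its own instance does not cover the newer one."""
    msg = email.message_from_bytes(raw_message)
    instances = [v.strip() for v in msg.get_all(SEP_FIELD, [])]  # top to bottom
    n = len(instances)
    chain = [{"domain": d, "signed_by": []} for d in instances]
    for sig in msg.get_all("DKIM-Signature", []):
        tags = _parse_tags(sig)
        names = re.sub(r"\s+", "", tags.get("h", "")).lower().split(":")
        k = names.count(SEP_FIELD.lower())
        for idx in range(max(n - k, 0), n):
            chain[idx]["signed_by"].append(tags.get("d", "").lower())
    return chain


# Constructed sample: author.example -> forwarder.example -> alias.example.
# Each alias hop prepends a Separate-Envelope field naming itself and a
# signature whose h= lists the field once per instance it can see.  The
# bh=/b= values are placeholders, so this message would not actually verify.
SAMPLE = b"""\
DKIM-Signature: v=1; a=rsa-sha256; d=alias.example; s=sel;
 h=Separate-Envelope:Separate-Envelope:From:To:Subject; bh=PLACEHOLDER; b=PLACEHOLDER
Separate-Envelope: alias.example
DKIM-Signature: v=1; a=rsa-sha256; d=forwarder.example; s=sel;
 h=Separate-Envelope:From:To:Subject; bh=PLACEHOLDER; b=PLACEHOLDER
Separate-Envelope: forwarder.example
DKIM-Signature: v=1; a=rsa-sha256; d=author.example; s=sel;
 h=From:To:Subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@author.example>
To: Bob <bob@recipient.example>
Subject: Separate-Envelope test

hello
"""

if __name__ == "__main__":
    # Envelope rewritten by the forwarder: the signal fires.
    print(envelope_is_separate(SAMPLE, "bounces@forwarder.example"))
    # Envelope still matches the author: it does not.
    print(envelope_is_separate(SAMPLE, "alice@AUTHOR.example"))
    for entry in separate_envelope_chain(SAMPLE):
        print(entry)
```

Running it shows the top instance (alias.example) covered only by the alias's own signature, and the lower instance (forwarder.example) covered by both, which is the answer DKIM's bottom-up matching gives to "does order have to be preserved": as long as each hop prepends rather than appends, earlier signatures keep covering exactly what they signed.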
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim