DKIM implementations SHOULD support replay protection (was: Re: [ietf-dkim]Re: Replay attacks and ISP business models
Dave Crocker
dhc at dcrocker.net
Mon Aug 8 15:15:10 PDT 2005
> It is just that they do not provide `full`
> DKIM, but `only` DKIM without replay protection (class 2)

Amir,

I'm a bit confused.

Please cite the documentation that distinguishes "full" DKIM from "class 2"
DKIM. I have never heard this distinction before.

I thought that there was exactly one DKIM and that it provided a single
mechanism for authenticating an identity associated with a message body and
selected RFC2822 headers.

I do not recall DKIM's pursuing the topic of replay, except to protect against
someone modifying an authenticated message and resending it. (That is,
fraudulent content, rather than merely re-sending the same, validated content to
new addresses.)

DKIM clearly does not protect against re-sending to different RFC2921.rcpt-to
headers.

So I'm quite confused about the nature of this thread, since it seems to go
considerably beyond the stated goals and capabilities of DKIM.

d/
---
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net