Jim Fenton wrote:
> For "countermeasures", I'd like to declare out-of-scope the
> use of independent mechanisms such as SPF and CSV; I think
> those apply more-or-less equally to all.

Add DNSBLs and MTAMARK for a more or less complete 2821-zoo ;-)
That's kind of obvious, only independent 2822 mechanisms like
PRA could muddy the water.

> In addition, I'd like to include a chart of threats with
> their likelihood and impact rated as High/Medium/Low.

It depends on how well DKIM will work (overall from a user's
POV behind DKIM checks). If it works really well the attackers
will try everything to get some kind of "PASS" (bogus or true).
They will try to get a zombie before the "signing agent" or
behind the "checking agent". If that fails they will pretend
to have managed it anyway, with a "PASS" for their very own
"eboy" domain of the day.

> High: All users of DKIM should expect this attack on a

eboy is high. Impact medium (?). Nothing new or special if
it's clearly documented everywhere.

> Medium: Users of DKIM should expect this attack occasionally

Zombie behind the "checking agent" could be medium, it depends
on how that's organized by the receiving network, some TBD way
to report results (e.g. header field and what MUAs do with it).

> Low: Attack is expected to be rare and/or very infrequent

Zombie "inside" ebay's network before the "signing agent" is
FUBAR, and it would kill ebay. Sooner or later somebody will
manage to commit net suicide with DKIM => impact lethal, not
low.

> In the meantime, be thinking of attacks.
ietf-dkim mailing list