---[C: Unreasonable estimate of impact from a highly probable exploit.]
,---
| 4.1. Attacks Against Message Signatures
| ...
| Signed message replay | Low | High |
'---
This should read:
: Signed message replay | Very High | High |
How was this problem rated? Any large domain has a continuous
background of abuse being sent. In some cases, this abuse may
represent tens of thousands of compromised systems. Any list-server
is also prone, as there is no practical means to screen participants
or expect effective outbound filters when the number of messages do
not reflect the overall traffic until used in the replay. Out of the
millions of valid users within these domains, rate limiting has
ensured these abusive systems represent a smaller percentage of the
overall outbound email in most cases. When used in conjunction with
a replay strategy, rate limits will not remain effective, and yet the
signature still remains valid.
Once the DKIM signature has any acceptance value, expect this problem
to become paramount.
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org