Douglas Otis wrote:
---[C: Unreasonable estimate of impact from a highly probable exploit.]
,---
| 4.1. Attacks Against Message Signatures
| ...
| Signed message replay | Low | High |
'---
This should read:
: Signed message replay | Very High | High |
How was this problem rated?
I guess Jim just used his judgment in the expectation that the WG
will review and come to consensus - which is quite the proper thing
to be doing IMO.
Also - there's no "Very High", most risk analysis approaches (that
don't try to sell you over-exactness) just use high/medium/low. So
we can interpret you as asking for "High" in the impact column for
4.1.5.
> Any large domain has a continuous
background of abuse being sent. In some cases, this abuse may represent
tens of thousands of compromised systems. Any list-server is also
prone, as there is no practical means to screen participants or expect
effective outbound filters when the number of messages do not reflect
the overall traffic until used in the replay. Out of the millions of
valid users within these domains, rate limiting has ensured these
abusive systems represent a smaller percentage of the overall outbound
email in most cases. When used in conjunction with a replay strategy,
rate limits will not remain effective, and yet the signature still
remains valid.
Once the DKIM signature has any acceptance value, expect this problem to
become paramount.
That doesn't make too much sense to me I'm afraid. (But since things
seem to work quicker/better when we do this: let's do it again:-)
Exactly what change are you proposing, other than s/Low/High/ above?
Stephen.
_______________________________________________
ietf-dkim mailing list
http://dkim.org