ietf-mailsig

Re: Spoofing revisited

2005-07-27 21:57:37

Ok, clearly we need better text here. I have proposed some in "SSP - when to perform". Will that work?

--
Arvel


----- Original Message -----
From: "Earl Hood" <earl(_at_)earlhood(_dot_)com>
To: "'ietf-mailsig'" <ietf-mailsig(_at_)imc(_dot_)org>
Sent: Wednesday, July 27, 2005 11:47 PM
Subject: Re: Spoofing revisited



On July 28, 2005 at 15:48, "James Scott" wrote:

| Sender Signing Policy Checks MUST be based on the Originator Address.
| If the message contains a valid signature on behalf of the Originator
| Address no Sender Signing Policy Check need be performed: the verifier
| SHOULD NOT look up the Sender Signing Policy and the message SHOULD
| be considered non-Suspicious.
|
| Verifiers checking messages that do not have at least one valid
| signature MUST perform a Sender Signing Policy Check by doing a DNS
| query to the domain specified by the Originator Address.

If the policy specified by the domain of the "From:" address states
that third party signatures were not to be accepted, then the signature
would not verify.

Nowhere in the SSP draft does it require an SSP check if the
signature validates.  The following statement,

 "Sender Signing Policy Checks MUST be based on the Originator Address."

only states that if an SSP check is to be done, it must be done
against the Originator Address.  It says nothing about if a check
should be done.

Then,

 "If the message contains a valid signature on behalf of the
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^
  Originator Address no Sender Signing Policy Check need be performed:
                     ^^                       ^^^^^^^^^^^^^^^^^^^^^^^
  the verifier SHOULD NOT look up the Sender Signing Policy and the
               ^^^^^^^^^^^^^^^^^^
  message SHOULD be considered non-Suspicious."

Nowhere in this prose does it *require* a verifier to perform
a DNS query for the SSP for the Originator Address if the signature
is valid.  It explicitly states it should not be done.

The only time an SSP lookup is required is,

 "Verifiers checking messages that do not have at least one valid
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  signature MUST perform a Sender Signing Policy Check by doing a
  ^^^^^^^^^                                               ^^^^^^^
  DNS query to the domain specified by the Originator Address."
  ^^^^^^^^^

An SSP check is *only required* if there is an invalid signature.

Nowhere in the SSP draft does it state that an SSP check must be
done if the signature is valid.

If I am misreading something, please correct my interpretation,

--ewh
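
The three draft sentences quoted in this message, written as a decision function. This is an added example, not part of the thread or of the SSP draft. It assumes "on behalf of the Originator Address" means the signing domain equals the Originator Address domain; `Signature`, `SspAction` and `ssp_action` are hypothetical names, and the sample addresses and domains are constructed.

```python
from dataclasses import dataclass
from enum import Enum


class SspAction(Enum):
    SKIP_LOOKUP = "SHOULD NOT look up SSP; treat as non-Suspicious"
    LOOKUP_REQUIRED = "MUST query SSP at the Originator Address domain"
    UNSPECIFIED = "quoted text neither requires nor forbids a lookup"


@dataclass(frozen=True)
class Signature:
    signing_domain: str   # domain the signature claims to sign for
    valid: bool           # result of cryptographic verification


def domain_of(address: str) -> str:
    """Return the lowercased domain part of an address such as user@example.com."""
    return address.rsplit("@", 1)[1].strip().lower().rstrip(".")


def ssp_action(originator_address: str, signatures: list[Signature]) -> SspAction:
    """Apply only the three quoted sentences; cases they do not cover are UNSPECIFIED."""
    origin = domain_of(originator_address)
    valid = [s for s in signatures if s.valid]
    # Assumption: "on behalf of the Originator Address" means the signing domain
    # equals the Originator Address domain (exact match, case-insensitive).
    if any(s.signing_domain.lower().rstrip(".") == origin for s in valid):
        return SspAction.SKIP_LOOKUP
    if not valid:
        # "do not have at least one valid signature": unsigned or all broken.
        return SspAction.LOOKUP_REQUIRED
    # A valid signature exists, but none is for the Originator Address domain.
    return SspAction.UNSPECIFIED


# Constructed sample messages (all domains are placeholders).
CASES = {
    "first-party valid": ("alice@example.com", [Signature("example.com", True)]),
    "unsigned": ("alice@example.com", []),
    "only broken signature": ("alice@example.com", [Signature("example.com", False)]),
    "third-party valid only": ("alice@example.com", [Signature("lists.example.net", True)]),
}

if __name__ == "__main__":
    for name, (addr, sigs) in CASES.items():
        print(f"{name:24} -> {ssp_action(addr, sigs).name}")
```

The last case, a message whose only valid signature comes from a third party, matches none of the three quoted sentences, so the function reports it as unspecified rather than guessing.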





