ietf-asrg
[Top] [All Lists]

Re: [Asrg] 6. Proposals - DNS + PKI - Yahoo's "Domain Keys"

2003-12-09 15:40:41
On Tue, Dec 09, 2003 at 04:31:20PM -0500, Yakov Shafranovich wrote:
In the USEFOR WG in the IETF, the current draft (section 7.1) addresses 
a problem of signing headers in USENET control messages by including a 
special header with the digital signature, and signing only a select set 
of headers. I think that a similar approach would probably be used here, 
but I don't really know for sure. The USEFOR draft can be found at (see 
section 7.1):

http://www.ietf.org/internet-drafts/draft-ietf-usefor-article-12.txt

I had a look at it.
The only place where they use signing is for control messages. This is
done as described in
   ftp://ftp.isc.org/pub/pgpcontrol/README.html
and it is IMHO not suitable for eMails, at least if they're not end to end.

But your underlying objection is correct - headers get changed and added 
all the time. The question would be whether that will significantly 
affect this scheme and how to deal with it. Signing a select group of 
headers AND requiring MTAs that send signed messages to have those 
headers present might be one way of it.

What I see as problem is:

Imagine a header
   X-Signature: mail.example.com; sign=439KJHD9087KJKLHKJ7LKJJLK
Now I can check back with mail.example.com and validate the sign. Fine.
A spammer can now simply use that and it will be ok for everyone.
Now I want more security. Thus I need some variable token. One
possibility would be to use a date and give messages a lifetime.
   X-Signature: mail.example.com; date=20031209-23:06:17; 
sign=439KJHD9087KJKLHKJ7LKJJLK
Now the signature would be calculated using "mail.example.com" and the
varibale part "20031209-23:06:17". If it matches "439KJHD9087KJKLHKJ7LKJJLK"
the message will be accepted. A spammer can now simply use that very
line and it will be ok for everyone, at least until some expiration
date. However that has to be at least some days to compensate for
poorly configured hosts with wrong times or for message delays on relay
SMTP servers or the like. For a spammer it is rather easy to get a
valid line that is still valid for say 5 days: subscribe to any mailinglist
and the records are delivered right to your mailbox.

I do not believe that anything that depends on signing of headers only can
solve this problem. But without it the approach is useless.
And: it MUST contain the envelope sender address in the signature to
prevent sender forging.
There is no win to know that
   mail.example.com
correctly signed the fact that the email with a sender address of
does(_dot_)not(_dot_)exist(_dot_)and(_dot_)is(_dot_)abused(_dot_)for(_dot_)spamming(_at_)yahoo(_dot_)com
 was injected via
mail.example.com. There has to be a relation between mail.example.com
and 
does(_dot_)not(_dot_)exist(_dot_)and(_dot_)is(_dot_)abused(_dot_)for(_dot_)spamming(_at_)yahoo(_dot_)com
 that provides
some kind of authorization for mail.example.com.

It is a valid objection - I believe in cryptology this would be called 
"a replay attack". One way of dealing with it is somehow authenticating 
the actual SMTP transaction, which brings us back to LMAP.

Which is IMHO quite useless, as if the actual SMTP transaction is
between the first hop and the receiver it is clear to whom I am talking
(e.g. from DNS). If it is a multi-hop connection a replay attack is a
piece of cake.

Maybe there is anybody on this list with posting priviledges to the NANOG
list and can ask for a contact to the Yahoo guys in the name of the ASRG?

        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>