Hector,
I believe all of these are threats against DKIM and could possibly
help to flesh out the security considerations section. My comments
are in-line:
On Aug 12, 2005, at 8:15 AM, Hector Santos wrote:
Threats:
- Adversary gains unauthorized access to domain private key
- Internal thief (black market) of domain private key
This is seems to be along the lines of Section 9.2, though that
section seems to talk mostly about user keys being compromised.
Perhaps that section can be broken into two subsections: one on
malware and user keys, and a second with an emphasis on protecting
private keys under the control of sysadmins.
- Adversary compromises MUA DKIM signers
See above.
- Adversary attack against non-DKIM community
- Invalid DKIM Spoofing
- Relaxed Policy DKIM Spoofing (High Threat)
I don't understand this.
- Adversary removal of signatures
Does this mean that a party relaying the message removes the signature?
- Adversary adds "This is a DKIM Safe Message" to body.
- New Social Engineering issues
This should probably be mentioned in Section 9. I'm not sure there
is anything that can be done about it, though.
- Adversary increases DKIM transaction frequency
I believe this is the point of Section 9.7.
- Adversary increases DKIM payload
Is this different from Section 9.1?
- Adversary promotes BOUNCE attacks
I don't think this is an attack specific to DKIM.
- Adversary attacks known 3rd party servers
Another good point for Section 9.2. If you have a third party doing
some signing on your behalf, it would be worth it to make sure they
have good practices around protection of the key.
- Signers who do not honor OA SSP
I don't understand how this is an attack on DKIM.
- Agents modify email content
I would put this in the "feature" category.
Thanks.
-andy
_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim