
Re: [ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft)

2005-08-12 07:27:16
Hector,

I believe all of these are threats against DKIM and could possibly help to flesh out the security considerations section. My comments are in-line:

On Aug 12, 2005, at 8:15 AM, Hector Santos wrote:

Threats:

 - Adversary gains unauthorized access to domain private key
 - Internal theft (black market) of domain private key

This seems to be along the lines of Section 9.2, though that section seems to talk mostly about user keys being compromised. Perhaps that section can be broken into two subsections: one on malware and user keys, and a second with an emphasis on protecting private keys under the control of sysadmins.

 - Adversary compromises MUA DKIM signers

See above.

 - Adversary attack against non-DKIM community
     - Invalid DKIM Spoofing
     - Relaxed Policy DKIM Spoofing (High Threat)

I don't understand this.

 - Adversary removal of signatures

Does this mean that a party relaying the message removes the signature?

 - Adversary adds "This is a DKIM Safe Message" to body.
     - New Social Engineering issues

This should probably be mentioned in Section 9. I'm not sure there is anything that can be done about it, though.

 - Adversary increases DKIM transaction frequency

I believe this is the point of Section 9.7.

 - Adversary increases DKIM payload

Is this different from Section 9.1?

 - Adversary promotes BOUNCE attacks

I don't think this is an attack specific to DKIM.

 - Adversary attacks known 3rd party servers

Another good point for Section 9.2. If you have a third party doing some signing on your behalf, it would be worth it to make sure they have good practices around protection of the key.

 - Signers who do not honor OA SSP

I don't understand how this is an attack on DKIM.

 - Agents modify email content

I would put this in the "feature" category.

Thanks.
-andy
_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim