ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-15 02:20:28
From: "Dave Crocker" <dhc(_at_)dcrocker(_dot_)net>

I'm suggesting some minor changes, only to tighten it up a bit:

 There is nothing in an ordinary email message, except for the RCPT TO
line
 and the IP address of the host that sent it to you, that is a reliable
 identifier.

I don't see how the RCPT TO is a "reliable identifier."

 A validated DKIM signature lets you take some reasonable subset
 of the message you received and know that it came from a designated
source.
 The main benefit of DKIM is that a validating agent can know where the
 message came from. This is more reliability than email source
 identification has ever had before.

How do folks feel about this characterization of DKIM?

IMO, the only real assertion one can make with DKIM is:

    The main benefit of DKIM is that a validating agent
    can know which domain signed it.

I don't see any other assertion that can be made. DKIM, as is, basically
says:

   VALIDATED MAIL = DATA + SIGNATURE + DNS DOMAIN PUBLIC KEY

There is nothing in there that says:

    - Who actually wrote the message?
    - Who actually sent the message?

However, one can presume a correlation exist between the REAL person who
wrote or sent the
message and the domain who signed it and this presumption is increase when
the signing headers include the headers From:, To:, and possibly Sender:.

But I don't think it is correct to say that the REAL PERSON matches any of
the originating address information and/or that the Author had all the
intention to send mail to the target recipient in a non-random fashion.

So a mailing list server or bulk distribution can create a thousand DKIM
signed message distribution each with unique signatures, random and/or bad
From: local part addresses and the each 1000 members will only verifier that
it did come that mailing list or bulk mail server domain.

Cool?  Sure maybe, the mail integrity and domain is authenticated.

But the From: is still random or bad. The author doesn't exist.

Even then, it is better than before?

- Same spoofing problem exist.

- If MUAs are trained to display "This message is DKIM safe", this could
give
  spammed users a false illusion of increased value mail.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com






_______________________________________________
ietf-dkim mailing list
&lt;http://dkim.org&gt;