ietf-dkim

rogue DNS registrars, was Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-17 12:36:36
Hi Tony,

On Wed, 17 Aug 2005, Tony Finch wrote:

> On Mon, 15 Aug 2005, George Gross wrote:
>
> > I should also point out that AFAICT a DKIM e-mail signature does not
> > protect against the "revolving door" signature identity problem. It
> > erroneously presumes that all DNS registry entities are not the economic
> > allies or suppliers for spammers. It would be feasible for such a
> > registrar to automate the domain name generation process on behalf of its
> > spammer customers. Once such a domain name's reputation becomes tarnished,
> > it is discarded and the co-conspirator DNS registrar issues a new one to
> > take its place. I see this attack (and I suspect that there are others
> > that one can discover) as a fundamental problem with the proposed e-mail
> > security architecture.
>
> There's a lot more information available about domain names than about IP
> addresses, e.g. via whois, via the domain's NS records, etc. This
> information can be used to bootstrap a reputation in a way that defends
> against the use of throwaway domains by spammers.

I realize that all of that info is available. I suppose my query should
have been more accurately phrased: how does one enforce that all
registrars on the planet *always* follow these rules?

For example, could not a rogue nation state offer (e.g. under the table
via bribes or as info warfare policy) a haven for such rogue registrars?
Yes, there are Internet governance procedures to ultimately shut them
down, but wouldn't it take a long enough time to trace as to be a problem?
How long would it take to remedy if it spilled into an international court
case rather than the usual DNSops procedures?

Would you end up evaluating DNS registrar whitelist/blacklists for every
public key DNS retrieval?

Unlike a traditional PKI there is no "chain of trust" to a trust anchor
for the public keys being used in the proposed DKIM signature scheme.
There is also no Internet-wide standard reputation management by which to
judge the trustworthiness of the public keys stored in the DNS.

So until there is a viable contender for that IETF standard, e-mail signed
by a domain is like a bridge with only half of it built, dangling in
space, with no plan for how to build the other half. From a security
perspective, completing that bridge leads to a defensible position. DKIM
would make a lot more sense to charter once that missing plan is available
and it points to a candidate companion standard.

        George



Tony.


_______________________________________________
ietf-dkim mailing list
http://dkim.org