ietf-dkim

Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?

2005-08-17 22:59:27
On August 17, 2005 at 22:07, Jim Fenton wrote:

> > Let's say example.org knows nothing about DKIM or has not adopted
> > it yet.  EXAMPLE.com is operated by questionable folks, and they
> > know example.org does not have any SSP records defined.  EXAMPLE.com
> > defines _domainkey.EXAMPLE.com records to contain valid signer
> > public keys.
> >
> > EXAMPLE.com sends out messages signed by EXAMPLE.com, but places
> > an example.org address in the rfc2822.From.
> >
> > When a DKIM verifier, "V", receives the message, the signature
> > validates cryptographically (remember, the signer public key is
> > retrieved from EXAMPLE.com).  The verifier now checks the OA SSP by
> > querying example.org's nameserver.  The query returns no record available.
> >
> > What verification status should V return?

> V should say that the message is signed by a third party.

I think this is dangerous behavior.

What value is there to the recipient stating that the message was
signed by a third party?  DKIM should not facilitate spoofing, and in
the example I gave, spoofing is the intent.  There is a danger that
giving _any_ positive verification of the signature can legitimize
the message in the recipient's mind.

If no SSP record is defined, "never signs" should be assumed (note
the current SSP draft does support a "never signs" policy).  This will
prevent malicious domains from exploiting any "trust" DKIM generates
in order to spoof identities.

Care must be taken to ensure DKIM does not facilitate malicious
behavior.

> After all, it's possible that someone at example.org uses a mailing
> list hosted by example.com, which might have a good reason to sign a
> message.

Someone at example.org may not know what EXAMPLE.com does, so
they should not be adversely affected by the application of DKIM
by EXAMPLE.com.

Also, DKIM does not support the benevolent scenario you mention
very well.  Since the validity of a signature is determined by the
OA's SSP, a mailing list cannot add a signature if the SSP forbids
third-party signing (which may be common for security reasons).

Therefore, entities like mailing lists, forwarders, secondary
mail exchanges, et al. will be prevented from signing messages
to provide a verifiable trace of a message and/or to indicate,
"Here is what I saw".

--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org
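As an added illustration of the verifier decision debated in this thread (not code from the list, from any poster, or from a DKIM implementation), the Python below maps the signing domain, the From domain and the SSP lookup result to a verification status, with the poster's "no SSP record means never signs" default beside the "signed by a third party" behavior Jim Fenton described. The SSP table, the simplified policy names and the function names are constructed assumptions, not the SSP draft's wire format.

```python
from email.utils import parseaddr

# Constructed stand-in for SSP lookups against each domain's nameserver.
# A missing key means "no SSP record published", as for example.org above.
# Policy names are a simplification of the SSP draft (assumption):
#   "never-signs"    - domain says it never signs mail
#   "signs-all"      - domain signs all its mail, third-party signatures not allowed
#   "third-party-ok" - domain accepts signatures from other domains
SSP_RECORDS = {
    "example.com": "signs-all",        # the signing domain in the scenario
    "strict.example": "never-signs",   # hypothetical domain with an explicit policy
    "list.example": "third-party-ok",  # hypothetical domain that permits list/forwarder signing
}


def lookup_ssp(domain):
    """Return the published SSP policy for domain, or None if no record exists."""
    return SSP_RECORDS.get(domain.lower())


def from_domain(from_header):
    """Extract the domain of the rfc2822.From address (the originator address, OA)."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower()


def verify_status(from_header, signing_domain, sig_valid, missing_record_policy="never-signs"):
    """Status a verifier V reports after the cryptographic check and the OA SSP query.

    missing_record_policy is what V assumes when the OA publishes no SSP record:
    "never-signs" is the behavior argued for in the post; "third-party-ok"
    reproduces the "signed by a third party" result the post objects to.
    """
    if not sig_valid:
        return "signature-invalid"
    oa = from_domain(from_header)
    if signing_domain.lower() == oa:
        return "first-party-signed"  # signer is the OA itself; SSP not needed
    policy = lookup_ssp(oa)
    if policy is None:
        policy = missing_record_policy
    if policy == "third-party-ok":
        return "third-party-signed"
    # "never-signs" or "signs-all": a third-party signature earns no positive status,
    # so a cryptographically valid signature from another domain cannot legitimize the mail.
    return "unverified"
```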
