ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?

2005-08-22 10:42:24
from [Douglas Otis] [Permanent Link] 

On Aug 22, 2005, at 8:35 AM, Scott Kitterman wrote:
To summarize, you think that SSP is dangerous, won't do what it's proponents claim, and can't be fixed. Thus SSP and it's ilk shouldn't be dealt with by the working group. You believe that there are other, better ways to solve whatever problem it is that you are trying to solve.
I, and I believe others, think that SSP is essential and that while DKIM signatures alone may have some value, the marginal utility for DKIM absent some expression of sender policy is low.
I don't think this adequately restates my view. For example, the draft for the CSA record provides for domain-wide assertions that demand out bound servers within the domain must have a CSA record. This assertion is not tied to a mailbox-address, nevertheless the assertion provides actionable value. 

http://www.mipassoc.org/csv/draft-ietf-marid-csv-csa-02.html
The same type of domain-wide assertion, in the same manner, would be possible without imposing a requirement that the signature be bound to a header. A new domain-wide assertion (even perhaps by a CSA record) could be that any domain's signature is demanded within this domain. The CSA assertion could also indicate signatures by the domain itself are demanded within this domain.
HELO verification could be considered a weaker form of DKIM verification, but which can not be securely carried forward within the message. HELO verification, in addition to being able to mitigate subsequent lookups for domain-wide assertions, also provides a significant level of DoS resistance not available with a signature. HELO verification by a CSA record could also mitigate a need to do DKIM revocation checks.
The difference of opinion is really whether there is value binding domain-wide assertions to mailbox-addresses. This binding of mailbox- addresses would be of little use once an "accountable domain" is available and can be seen by recipients, or used with manual filtering rules. Attempts to bind signatures through domain-wide assertions with mailbox-addresses will create unintended administrative issues sure to stifle DKIM acceptance, rather than acting as motivation. 


-Doug

_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore
Next by Date:  Re: [ietf-dkim] Not exactly not a threat analysis, Tony Finch
Previous by Thread:  Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Scott Kitterman
Next by Thread:  Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Scott Kitterman
Indexes:  [Date] [Thread] [Top] [All Lists]