ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Purpose and sequence for DKIM specificationand deployment

2005-08-29 16:52:48
from [Earl Hood] [Permanent Link] 
On August 29, 2005 at 13:00, Douglas Otis wrote:


I would rather see clearly defined goals rather than attractive  
phrases that appear to promise everything.  Attempts to define the  
relationship of providers with mailbox-address will be highly  
disruptive and should be avoided.  To provide a uniform level of  
protection, an opaque identifier should be added by the accountable  
domain.  This permits indirect methods to abate message replay abuse,  
author forgery, and unauthorized access.


I'm unsure how effective the opaque ID will deal with replay abuse,
but it appears to still have value for other security concerns.
For example, by the time a replay is detected and the a revocation
records is added to DNS, the damage is probably already done.

The opaque ID does allow for revocation without revoking the key,
but I am not clear about recommended opaque ID generation and usage.
It appears from your MASS reputation draft, the OID could be
tied to a specific machine of a domain.  Therefore, if the OID
is revoked, all messages signed by that system are revoked.

This can help with system compromise problems, but see little
benefit in the replay problem.  Message replay can occur without
any system compromises, and revocation of the OID can revoke
valid, non-replayed, messages.


A verified domain signature within the message  
also affords identification techniques based upon opaque identifiers  
offered by the accountable domain.  The signed header with the added  
identifier could be ancillary to techniques aimed at thwarting  
targeted spoofing of prior correspondents, for example.


It seems that the "opaque identifier" is an implementation detail
trying to address specific security concerns of the solution that
will be proposed.

It may be better to state:

  A verified domain signature within the message should facilitate
  domain-defined identification methods so domains can more easily
  deal with abuse complaints.

Your "opaque identifier" idea is one way to achieve this goal.

--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Re: Forgery complexities, Dave Crocker
Next by Date:  Re: [ietf-dkim] Purpose and sequence for DKIM specificationand deployment, Earl Hood
Previous by Thread:  Re: [ietf-dkim] Forgery complexities, Earl Hood
Next by Thread:  Re: [ietf-dkim] Purpose and sequence for DKIM specificationand deployment, Douglas Otis
Indexes:  [Date] [Thread] [Top] [All Lists]