ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] New DKIM threat analysis draft

2005-10-05 23:16:36
from [Amir Herzberg] [Permanent Link] 
Jim Fenton wrote:
I have just submitted a new threat analysis of DKIM as an Internet Draft. Hopefully this will form the basis for a meaningful discussion on the utility and effectiveness of DKIM that were voiced at the last BoF. 

I think it is very good.
I have only one real reservation. In section 6.3, discussing the message replay attack, esp. in 2nd paragraph... It is presented as if DKIM cannot be applied against replay since replay is indistinguishable from acceptable acts e.g. forwarding. This is not necessarily true. A legitimate application of DKIM may require senders to indicate specific recipient; this would allow replay prevention, of course in the price of requiring additional support to deal with legitimate forwarding. I'm not suggesting DKIM should be modified to support that, indeed this is not required at DKIM level at all, but I think the text now seems to exclude this usage, and this should be fixed imho. 

Here are few additional, minor comments:
1. You use the term `zombie` without definition in p. 2, then `compromised computers` later (in 5.1)... pick one; my suggestion: use `zombie` and in the first use, add `(compromised computers)`. 

2. First paragraph of 4.1: I think should be clarified.

3. First sentence of 4.3: s/with/within/
4. Last paragraph of 4.3: this is only MTA-MTA or MTA-MDA authentication, so I think we should explicitly recommend cryptographic authentication of submitting MTA, e.g. using SSL or IP-Sec. Or do you really think SMTP AUTH is better here?
5. In 5.2.1: last sentence is imho misleading. Such malware usually/often does not use the email address of the owner of the infected machine, but selects other email addresses as sender, to avoid detection. In this case, DKIM may help. I also think the term `malware` is better than `worm` here. 

--
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI: http://AmirHerzberg.com/TrustBar Visit my Hall Of Shame of Unprotected Login pages: http://AmirHerzberg.com/shame 
_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] draft-fenton-dkim-threats-00, Douglas Otis
Next by Date:  Re: [ietf-dkim] draft-fenton-dkim-threats-00, Eliot Lear
Previous by Thread:  Re: [ietf-dkim] New DKIM threat analysis draft, John Levine
Next by Thread:  Re: [ietf-dkim] New DKIM threat analysis draft, John Levine
Indexes:  [Date] [Thread] [Top] [All Lists]