
[ietf-dkim] Re: Review of draft-fenton-dkim-threats-01

2005-11-01 21:20:02
Eric Rescorla wrote:

> If I see a message which is DKIM signed by iecc.com and
> iecc.com is on my "DKIM white-list" this is pretty useful
> info right?
> [...]
> The scenario you cite is likely of *some* utility but
> it's not clear how much, or if it exceeds the cost of
> implementation and design.  The answer to that question
> depends on (at minimum) (1) what the false positive
> rate would have been without the whitelisting

What's the question without the white list?  If you don't
know iecc.com then it's a random stranger, and you're not
very interested in checking his signature - unless "stupid
spammer unable to create a proper PASS" is important for
you.

> (2) the degree of predictability about whitelist contents
> (for attackers),

Yes, if the attacker doesn't get this right he loses, and
that's already the case today without DKIM or other schemes
to check white listed sources.  When I get mail from XXXX
claiming that I'm a customer, it's a phish, because I am no
XXXX customer.  And if it's from YYYYYY hitting my inbox
or junk folders it's also a phish: I am an YYYYYY customer,
but the address used by YYYYYY for mail to me would never
hit my inbox or junk folder, it goes to a "secret" folder.

The latter approach is obviously shaky, adding some "PASS"
result as offered by DKIM and SPF could improve it.  But
then it must be extremely hard to get a PASS for YYYYYY
for an attacker, otherwise I'd be better off without it.

> (3) the level of zombie infection--or more precisely
> potential zombie infection--of the domains which are on
> the whitelist.

If YYYYYY is controlled by a spammer I lose.  In Arvel's
example all he can then do is to discuss it with iecc.com
and remove them temporarily from his white list.  Or he
needs two white lists, one with trusted sources, a second
white list for less reliable sources with zombies.

But your point (3) is about the content of the white list,
not about a scheme like DKIM used to check mail claiming
to come from a white listed source.

> It's not clear to me that we have good data on any of these
> questions, let alone an analysis that incorporates all of
> them.

Your 3rd point is a hopeless case; you can only document
it:  "trusted source + PASS => good" doesn't work if the
source is compromised.
                       Bye, Frank


_______________________________________________
ietf-dkim mailing list
http://dkim.org