Frank,
I'm having a little trouble figuring out how to use your comments. In
some cases (2821-zoo) it appears you agree, in others it appears that
you are describing new threats (zombie behind the checking agent) and
others I'm not sure. Can you provide a list of threats that have not
been mentioned which you think should be included?
Thanks
-Jim
Frank Ellermann wrote:
> Jim Fenton wrote:
> > For "countermeasures", I'd like to declare out-of-scope the
> > use of independent mechanisms such as SPF and CSV; I think
> > those apply more-or-less equally to all.
>
> Add DNSBLs and MTAMARK for a more or less complete 2821-zoo ;-)
> That's kind of obvious, only independent 2822 mechanisms like
> PRA could muddy the water.
>
> > In addition, I'd like to include a chart of threats with
> > their likelihood and impact rated as High/Medium/Low.
>
> It depends on how well DKIM will work (overall from a user's
> POV behind DKIM checks). If it works really well the attackers
> will try everything to get some kind of "PASS" (bogus or true).
> They will try to get a zombie before the "signing agent" or
> behind the "checking agent". If that fails they will pretend
> to have managed it anyway, with a "PASS" for their very own
> "eboy" domain of the day
>
> > High: All users of DKIM should expect this attack on a
> > frequent basis
>
> eboy is high. Impact medium (?). Nothing new or special if
> it's clearly documented everywhere.
>
> > Medium: Users of DKIM should expect this attack occasionally
>
> Zombie behind the "checking agent" could be medium, it depends
> on how that's organized by the receiving network, some TBD way
> to report results (e.g. header field and what MUAs do with it).
>
> > Low: Attack is expected to be rare and/or very infrequent
>
> Zombie "inside" ebay's network before the "signing agent" is
> FUBAR, and it would kill ebay. Sooner or later somebody will
> manage to commit net suicide with DKIM => impact lethal, not
> only "high".
>
> > in the meantime, be thinking of attacks.
>
> Bye, Frank
_______________________________________________
ietf-dkim mailing list
http://dkim.org