On Jan 24, 2006, at 2:44 PM, Stephen Farrell wrote:
> Douglas Otis wrote:
>> ---[C: Unreasonable estimate of impact from a highly probable
>> exploit.]
>>
>> ,---
>> | 4.1. Attacks Against Message Signatures
>> | ...
>> | Signed message replay | Low | High |
>> '---
>>
>> This should read:
>>
>> : Signed message replay | Very High | High |
>>
>> How was this problem rated?
>
> I guess Jim just used his judgment in the expectation that the WG
> will review and come to consensus - which is quite the proper thing
> to be doing IMO.
>
> Also - there's no "Very High", most risk analysis approaches (that
> don't try to sell you over-exactness) just use high/medium/low. So
> we can interpret you as asking for "High" in the impact column for
> 4.1.5.

The Very High was used to make a point. Just High would be fine.

>> Any large domain has a continuous background of abuse being sent.
>> In some cases, this abuse may represent tens of thousands of
>> compromised systems. Any list-server is also prone, as there is
>> no practical means to screen participants or expect effective
>> outbound filters when the number of messages does not reflect the
>> overall traffic until used in the replay. Out of the millions of
>> valid users within these domains, rate limiting has ensured these
>> abusive systems represent a smaller percentage of the overall
>> outbound email in most cases. When used in conjunction with a
>> replay strategy, rate limits will not remain effective, and yet
>> the signature still remains valid.
>>
>> Once the DKIM signature has any acceptance value, expect this
>> problem to become paramount.
>
> That doesn't make too much sense to me I'm afraid. (But since things
> seem to work quicker/better when we do this: let's do it again:-)
>
> Exactly what change are you proposing, other than s/Low/High/ above?

Perhaps the following text could help justify this rating:

: Acceptance based upon the DKIM signature is in jeopardy of
: being exploited for any large domain, a domain offering
: public services, or where the network is exposed. Abusive
: message replay will be able to circumvent containment
: strategies currently used to ensure only tolerable amounts
: of abuse are permitted. Unless there are new strategies
: put in place to deal with this potential exploit, there is
: no reason to expect that DKIM will ever offer a means for
: basing acceptance, as this exploit will affect most domains.

-Doug