ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] New Issue: 4.2 needs new Attack Item: Inconsistent Signature vs Policy Attacks

2006-01-30 13:32:28
My comment here is really about the relationship between DKIM and the
SSP: what Hector is describing below implies to me that we need to know
up front whether or not an SSP should be applied. This can be
accomplished in several ways: 1) always look for the SSP, as Hector
suggests; 2) add information to the DKIM DNS record to indicate that the
SSP should always be looked for; 3) incorporate the SSP information into
the DKIM DNS record; or 4) some other ways I'm not thinking of at the
moment. Of the first three, I'd lean towards #2.

        Tony Hansen
        tony(_at_)att(_dot_)com

Hector Santos wrote:
Suggested correction to TA:

Add a new attack item:

   Inconsistent Signature vs. Policy Attacks
         Impact: High
         Likelihood: High

If a new column "Detection/recovery" is added as suggested in a previous
TA review comment, then this would change to:

   Inconsistent Policy Attacks
         Impact: Low
         Likelihood: High
         Detection/Recovery: High

Background reasoning:

Currently the SSP draft intent is to only apply SSP against messages
lacking a signature.  If a valid signature is found, then SSP is not
necessary.  [Note: if this understanding is incorrect, please correct
it.]

Ironically, this SSP draft specification would present the highest and
more probable threats or occurrence of the DKIM/SSP proposal.  By
following the draft specification, there will be many loopholes.

Example loopholes:

1) A message is signed, but the SSP indicated a "o=." (No mail expected
   from domain).

2) A message is signed, but the first party domain has no declaration of
   a signing policy.  Currently, the SSP draft has no specification to
   expose a "No signature expected" policy.  Instead, the NXDOMAIN DNS
   result for a SSP will result with a default o=~ policy (optional
   signing by any party).

3) A message is signed by a 3rd party, but the SSP indicated a o=!
   policy where the original domain signature is required, and a 3rd
   party signature is not expected but allowed to be present.

   Note: The o=! policy can be a defined a "near exclusive" policy, but
   it is not an absolute exclusive policy consideration.

4) Although there is no current SSP specified in the draft to declare an
   optional original domain signature and no 3rd party signing expected
   the policy exist for this scenario to occur.

These signed mail "NO need for SSP" attacks should be consider to have a
high potential occurrence with direct attacks and indirect attacks.

Direct attacks would be bad actor attempts to exploit compliant DKIM/SSP
systems. Indirect attacks would be bad actors attempts to exploit
non-compliant DKIM/SSP and rely in "social engineering" exploits.  With
indirect attacks, bad actors will not emphasize on protocol correctness.

These attacks can be detected if the SSP is checked against the domain
whether the message is signed or not.  This will lower the risk, the
uncertainty of bad attack exploits and hence, lower the impact of these
high probably attacks

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com




_______________________________________________
ietf-dkim mailing list
http://dkim.org
_______________________________________________
ietf-dkim mailing list
http://dkim.org