ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] New Issue: 4.2 needs new Attack Item: Inconsistent Signature vs Policy Attacks

2006-01-31 09:23:09
Hector Santos wrote:
Suggested correction to TA:

Add a new attack item:

   Inconsistent Signature vs. Policy Attacks
         Impact: High
         Likelihood: High

If a new column "Detection/recovery" is added as suggested in a previous
TA review comment, then this would change to:

   Inconsistent Policy Attacks
         Impact: Low
         Likelihood: High
         Detection/Recovery: High

Background reasoning:

Currently the SSP draft intent is to only apply SSP against messages
lacking a signature.  If a valid signature is found, then SSP is not
necessary.  [Note: if this understanding is incorrect, please correct
it.]
  
SSP is not necessary if a valid originating address signature is found. 
If the only valid signature(s) is/are third-party, it is still necessary
to check SSP associated with the originating address.
Ironically, this SSP draft specification would present the highest and
more probable threats or occurrence of the DKIM/SSP proposal.  By
following the draft specification, there will be many loopholes.

Example loopholes:

1) A message is signed, but the SSP indicated a "o=." (No mail expected
   from domain).
  
There has been a lot of discussion of "o=." but it's not actually in the
current version of the SSP draft.  I personally don't think it's really
necessary.  But that's probably a better topic for later.

2) A message is signed, but the first party domain has no declaration of
   a signing policy.  Currently, the SSP draft has no specification to
   expose a "No signature expected" policy.  Instead, the NXDOMAIN DNS
   result for a SSP will result with a default o=~ policy (optional
   signing by any party).
  
In the presence of a "no signature expected" policy, would a message
with a valid signature be more suspicious than one without?  But if no
signature is expected, why would the OA domain have any keys published
in the first place?
3) A message is signed by a 3rd party, but the SSP indicated a o=!
   policy where the original domain signature is required, and a 3rd
   party signature is not expected but allowed to be present.

   Note: The o=! policy can be a defined a "near exclusive" policy, but
   it is not an absolute exclusive policy consideration.
  
I'm afraid I don't follow this.
4) Although there is no current SSP specified in the draft to declare an
   optional original domain signature and no 3rd party signing expected
   the policy exist for this scenario to occur.

These signed mail "NO need for SSP" attacks should be consider to have a
high potential occurrence with direct attacks and indirect attacks.

Direct attacks would be bad actor attempts to exploit compliant DKIM/SSP
systems. Indirect attacks would be bad actors attempts to exploit
non-compliant DKIM/SSP and rely in "social engineering" exploits.  With
indirect attacks, bad actors will not emphasize on protocol correctness.

These attacks can be detected if the SSP is checked against the domain
whether the message is signed or not.  This will lower the risk, the
uncertainty of bad attack exploits and hence, lower the impact of these
high probably attacks
  
Sorry, I'm not following this either.  It seems the threat has to do
with receipt of signed messages when none should be expected.  But isn't
this addressed simply by not publishing any key records?

-Jim

_______________________________________________
ietf-dkim mailing list
http://dkim.org

<Prev in Thread] Current Thread [Next in Thread>