
RE: [ietf-dkim] New Issue: 4.2 needs new Attack Item: InconsistentSignature vs Policy Attacks

2006-01-31 11:20:33
Sorry, should have been clearer.

Bad guy sends a message purportedly from cox.com with a header 
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;  s=s1024; d=cox.com

The non-dkim-compliant mta that hasn't deployed dkim yet, or doesn't know much
about it, places a rule stating that signed messages should be allowed to
travel inbound without further checking because dkim is new and safe.

A dkim-compliant mta will do a dip on my dns records and find no ssp or
dk record and drop the message as non-compliant.

I suspect that in the beginning there will be a lot more of the former
than the latter.

Bill Oxley 
Messaging Engineer 
Cox Communications, Inc. 
Alpharetta GA 
404-847-6397 
bill(_dot_)oxley(_at_)cox(_dot_)com 


-----Original Message-----
From: Dave Crocker [mailto:dhc(_at_)dcrocker(_dot_)net] 
Sent: Tuesday, January 31, 2006 12:49 PM
To: Oxley, Bill (CCI-Atlanta)
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] New Issue: 4.2 needs new Attack Item: InconsistentSignature vs Policy Attacks


Bill,


Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
The hacker does not need access to my zone, he just attaches a lookalike
header. Yes, "And to have *any* rule that allows bypass of defense based
upon the receipt of a header from outside your control is extremely
dangerous." But folks will do it anyway.

By "lookalike" do you mean social engineering with a related name string,
such as citibank.com vs. c1t1bank.com, or do you mean something else?

If something else, please elaborate.

On the other hand, if you mean the name confusion thing, I would guess that
that is entirely out of the scope for this working group, since it really
pertains to reputation mechanisms, associations between domain names and
brands, etc.

d/
-- 

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>

_______________________________________________
ietf-dkim mailing list
http://dkim.org