ietf-dkim

RE: [ietf-dkim] New Issue: review of threats-01

2006-03-20 12:52:48
Statement is misleading


4.2.1.  Look-Alike Domain Names

   Attackers may attempt to circumvent signing policy of a domain by
   using a domain name which is close to, but not the same as the domain
   with a signing policy.  For instance, "example.com" might be replaced
   by "examp1e.com".  If the message is not to be signed, DKIM does not
   require that the domain used actually exist (although other
   mechanisms may make this a requirement).  Services exist to monitor
   domain registrations to identify potential domain name abuse, but
   naturally do not identify the use of unregistered domain names.


Actually these services mostly make money selling registrations. Engage
VeriSign to do this and you will get wonderful tools to predict look-alikes
you might want to register, ordered by a variety of risk factors.

The real problem is that the number of registrations is unbounded.


4.2.1.  Look-Alike Domain Names

   Attackers may attempt to circumvent signing policy of a domain by
   using a domain name which is close to, but not the same as the domain
   with a signing policy.  For instance, "example.com" might be replaced
   by "examp1e.com".  If the message is not to be signed, DKIM does not
   require that the domain used actually exist (although other
   mechanisms may make this a requirement).  Services exist to monitor
   domain registrations to identify potential domain name abuse and
   advise on unregistered domain names.  As there is no limit to the
   number of look-alike domains, the scope of such services with respect
   to unregistered domain names is necessarily limited to those that
   represent special risks.

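The two points made above, that a look-alike such as "examp1e.com" is a trivial glyph substitution and that the space of such variants is unbounded, are illustrated by the following added example. It is not code from the original message, from the DKIM threats draft, or from any registrar or monitoring service. The confusable table, the edit-distance threshold and the sample domains are constructed for illustration and are deliberately small; a real confusable table (Unicode confusables, IDN homographs) is far larger, which only strengthens the point.

```python
"""Generate and detect look-alike variants of a protected sending domain.

Added example for the DKIM look-alike domain discussion.  The confusable
table below is a constructed, ASCII-only subset and is NOT exhaustive.
"""

# Constructed confusable table: glyph (or digraph) -> visually similar forms.
CONFUSABLES = {
    "l": ["1", "i"], "i": ["l", "1"], "o": ["0"], "0": ["o"],
    "e": ["3"], "a": ["4"], "s": ["5"], "m": ["rn"], "rn": ["m"],
    "w": ["vv"], "vv": ["w"],
}

# Fold every confusable form to one representative so look-alikes collide.
CANON = {"1": "l", "i": "l", "0": "o", "3": "e", "4": "a", "5": "s",
         "rn": "m", "vv": "w"}


def single_substitutions(label):
    """All labels that differ from `label` by exactly one confusable swap."""
    out = set()
    for i in range(len(label)):
        for src, repls in CONFUSABLES.items():
            if label.startswith(src, i):
                for r in repls:
                    out.add(label[:i] + r + label[i + len(src):])
    return out


def look_alikes(label, depth=1):
    """Distinct variants reachable with up to `depth` swaps (label excluded).

    The result grows with every extra swap, which is the attacker's side of
    the "number of look-alike domains is unbounded" observation: no finite
    list of defensive registrations covers the space.
    """
    frontier, seen = {label}, set()
    for _ in range(depth):
        nxt = set()
        for current in frontier:
            nxt |= single_substitutions(current)
        nxt -= seen
        nxt.discard(label)
        seen |= nxt
        frontier = nxt
    return seen


def canonical(domain):
    """Map confusable glyphs to their representative (digraphs first)."""
    out, i = [], 0
    while i < len(domain):
        for src in ("rn", "vv"):
            if domain.startswith(src, i):
                out.append(CANON[src])
                i += 2
                break
        else:
            out.append(CANON.get(domain[i], domain[i]))
            i += 1
    return "".join(out)


def levenshtein(a, b):
    """Plain edit distance; used for typo-style (not glyph) look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate, protected, max_distance=1):
    """Defender's side: is `candidate` a look-alike of `protected`?

    Returns "homoglyph" when the two fold to the same canonical string,
    "typo" when they are within `max_distance` edits, else None.  The
    threshold is an assumption; raising it catches more squats but also
    flags unrelated short domains, which is the "special risks" trade-off.
    """
    c, p = candidate.lower().rstrip("."), protected.lower().rstrip(".")
    if c == p:
        return None
    if canonical(c) == canonical(p):
        return "homoglyph"
    if levenshtein(c, p) <= max_distance:
        return "typo"
    return None


if __name__ == "__main__":
    # Constructed sample of From/d= domains seen in incoming mail.
    for seen_domain in ["example.com", "examp1e.com", "exarnple.com",
                        "exampl.com", "exampel.com", "unrelated.org"]:
        print(f"{seen_domain:16} -> {classify(seen_domain, 'example.com')}")
    for d in (1, 2, 3):
        print(f"variants of 'example' within {d} swap(s): {len(look_alikes('example', d))}")
```

Note that `classify` only works for domains you already see in a message; it says nothing about whether the candidate is registered, which matches the draft's point that DKIM itself does not require the look-alike domain to exist.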

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html