ietf-dkim

Re: [ietf-dkim] Are verifiers expected to query SSP on a successfulverify?

2006-07-31 13:51:17

----- Original Message -----
From: "Dave Crocker" <dhc(_at_)dcrocker(_dot_)net>
To: "Tony Hansen" <tony(_at_)att(_dot_)com>

I would like to see a scenario described that explains exactly
what problem needs to be detected and why it is a compelling,
immediate requirement.

It serves no justice to try to put all the work already done into spaghetti mail
threads.

The TA issues and discussions highlighted much of this, and I believe the
latest Threats draft also highlights much of this.

The following diagrams shown here were modeled on SSP, on which the DSAP
"fill in the holes" proposal was based:

   http://www.winserver.com/public/ssp/ssp.htm

Hopefully DSAP will be officially announced in today's batch of new IETF I-D
drafts:

  http://isdg.net/public/ietf/drafts/draft-santos-dkim-dsap-00.txt
  http://isdg.net/public/ietf/drafts/draft-santos-dkim-dsap-00.html

To answer the subject title question:

   "Are verifiers expected to query SSP on a successful verify?"

My position has always been that it's a chicken-and-egg issue, and also an
implementation design consideration.

But when considering the "security" aspect of DKIM-BASE, the ideal model
calls for an SSP lookup at all times in order to secure the most obvious
possible exploitations such as:

    - Sign or no sign, no mail was expected.
    - The mail was not signed and it was expected to be signed.
    - The mail was signed and it was not expected.
    - The mail was signed by a 3rd party and it was not expected.

and none of these highly possible transactions require DKIM signature
verification yet.  So it can be viewed as an optimization consideration as
well.

The debates centered around:

    - Redundant DNS lookup concerns,
    - Invalid signatures sufficient for non-acceptability,
    - Valid OA or 3P signatures having the same level of trust,
    - Multiple signature matrices.

I think most agree that in today's world, although always a concern, the
question of redundant DNS lookups should not be a show stopper.

When "ignore invalid signatures" became the written-in-stone policy in
DKIM-BASE, this only served to highlight the need for an SSP concept.
Failures cannot be ignored.

The question of OA vs 3P was simply a matter of trust, and the long-debated
solution was the requirement to have an "allow list" somewhere.  Of course, the
concern of length issues was among them.

The Multiple Signature Matrices is probably the most complex part of this
DKIM framework because it deals with the 3PS issues, the Mailing List
issues, and the mail integrity issues.  Currently the DKIM-BASE model allows
for the validation of detected failure in multiple-signed messages if and
only if at least one signature is valid.

Anyway, the redundant DNS lookup concerns resurface with a multiple-
signature message.

My personal engineering opinion is that one failure is enough for a negative
classification.   But when mixing in mailing list issues, this is probably
the only way to make DKIM work with mailing list servers (MLS).

However, as my DSAP draft proposes, we can minimize these multiple-
signature mailing list problems with an SSP lookup to again avoid the most
fundamental exploitations that I outlined above.    The simplest example is
an MLS pre-empting failure by confirming the DKIM usage of an email address
during the subscription process:

3.3.  Mailing List Servers

   Mailing List Server (MLS) applications that are compliant with DKIM
   and DSAP operations SHOULD adhere to the following guidelines:

   Subscription Controls

      MLS subscription processes should perform a DSAP check to
      determine if a subscribing email domain's DSAP policy is restrictive
      in regards to mail integrity changes or 3rd party signatures.  The
      MLS SHOULD only allow original domain policies that allow 3rd party
      signatures.

   Message Content Integrity Change

      List Servers which will alter the message content SHOULD only do
      so for original domains with optional DKIM signing practices and
      it should remove the original signature if present.  If the List
      Server is not going to alter the message, it SHOULD NOT remove the
      signature, if present.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
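As an added example that is not part of this post, nor code from the SSP or DSAP drafts, the following Python models the policy-first checks the message argues for: the four policy mismatch cases that can be decided before any signature is verified, the resulting "skip verification" decision, and the two MLS guidelines quoted from the DSAP section. The practice names, the `Policy` record, the lookup table and the default policy for domains with no record are constructed assumptions for illustration; they are not the SSP or DSAP record syntax and no DNS is queried.

```python
"""Hypothetical model of pre-verification sender-policy checks.

Policy names, record shape, the lookup table and the default policy are
constructed for this example; they are NOT the SSP/DSAP record syntax.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Sequence


class Practice(Enum):
    NO_MAIL = "no-mail"       # domain states it sends no mail at all
    NEVER = "never-signs"     # domain sends mail but never signs it
    OPTIONAL = "optional"     # domain signs some of its mail
    ALWAYS = "always"         # domain signs all of its mail


@dataclass(frozen=True)
class Policy:
    practice: Practice
    allow_third_party: bool   # are signatures from other domains acceptable?


class Outcome(Enum):
    NO_MAIL_EXPECTED = "sign or no sign, no mail was expected"
    MISSING_SIGNATURE = "not signed, but the domain signs everything"
    UNEXPECTED_SIGNATURE = "signed, but the domain never signs"
    UNEXPECTED_THIRD_PARTY = "3rd-party signature not allowed by the domain"
    CONSISTENT = "consistent with policy; proceed to verification"


# Constructed table standing in for published policy records (assumption).
POLICY_TABLE: Dict[str, Policy] = {
    "bank.example":   Policy(Practice.ALWAYS, allow_third_party=False),
    "lists.example":  Policy(Practice.OPTIONAL, allow_third_party=True),
    "parked.example": Policy(Practice.NO_MAIL, allow_third_party=False),
    "legacy.example": Policy(Practice.NEVER, allow_third_party=False),
}

# Assumed behaviour when no record exists: optional signing, 3rd parties
# tolerated.  This default is an assumption of the example, not spec text.
DEFAULT_POLICY = Policy(Practice.OPTIONAL, allow_third_party=True)


def lookup_policy(author_domain: str, table: Dict[str, Policy] = POLICY_TABLE) -> Policy:
    """Stand-in for the policy DNS lookup (table-driven, offline)."""
    return table.get(author_domain.lower(), DEFAULT_POLICY)


def classify(author_domain: str, signer_domains: Sequence[str], policy: Policy) -> Outcome:
    """Decide the four mismatch cases from the author domain, the d= domains
    claimed by the DKIM-Signature headers, and the published policy.

    Nothing is verified here: every negative outcome is reached before any
    cryptography, which is the optimisation the post describes.
    """
    if policy.practice is Practice.NO_MAIL:
        return Outcome.NO_MAIL_EXPECTED          # signed or not, reject either way
    signers = {d.lower() for d in signer_domains}
    if not signers:
        if policy.practice is Practice.ALWAYS:
            return Outcome.MISSING_SIGNATURE     # a signature was expected
        return Outcome.CONSISTENT                # unsigned mail is normal here
    if policy.practice is Practice.NEVER:
        return Outcome.UNEXPECTED_SIGNATURE      # domain says it never signs
    # A first-party signature is enough to continue; how an extra 3rd-party
    # signature is weighed is the "multiple signature matrix" left open above.
    if author_domain.lower() not in signers and not policy.allow_third_party:
        return Outcome.UNEXPECTED_THIRD_PARTY
    return Outcome.CONSISTENT


def needs_verification(outcome: Outcome) -> bool:
    """Only policy-consistent messages are worth the cost of verification."""
    return outcome is Outcome.CONSISTENT


def mls_may_subscribe(policy: Policy) -> bool:
    """Subscription control: admit only domains whose policy allows 3rd-party
    signatures, so list traffic cannot fail the author's policy later."""
    return policy.allow_third_party


def mls_signature_action(policy: Policy, will_alter: bool) -> str:
    """Content-integrity rule: 'keep' when the list relays unmodified,
    'strip' the original signature when it alters mail from an optional-
    signing domain, 'refuse' to alter mail from any other domain."""
    if not will_alter:
        return "keep"
    if policy.practice is Practice.OPTIONAL:
        return "strip"
    return "refuse"


def evaluate(author_domain: str, signer_domains: Sequence[str]) -> Outcome:
    """Lookup plus classification in one step, as a verifier front end would."""
    return classify(author_domain, signer_domains, lookup_policy(author_domain))


if __name__ == "__main__":
    for author, signers in [("parked.example", ["parked.example"]),
                            ("bank.example", []),
                            ("legacy.example", ["legacy.example"]),
                            ("bank.example", ["lists.example"]),
                            ("bank.example", ["bank.example", "lists.example"])]:
        out = evaluate(author, signers)
        print(f"{author:15} signers={signers!s:35} -> {out.value}; verify={needs_verification(out)}")
```

The point of splitting `classify` from the (absent) cryptographic verification is that the first four branches cost one policy lookup and no signature work; only a `CONSISTENT` result ever reaches the verifier. The MLS helpers show why the subscription-time check matters: a domain that signs everything and forbids third-party signatures will fail under any altering list, so refusing it at subscription time avoids generating the failures the policy is meant to catch.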


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html