Murray S. Kucherawy wrote:
On Thu, 8 Nov 2007, Hector Santos wrote:
Attackers will be able to create a FAILED facsimile of a primary
domain DKIM complete message and as long as the primary has a t=y
policy, the attackers need not worry about HASH PERFECTION - it just
randomly creates a signature with a junk hash because the t=y will
promote an IGNORE FAILURE concept.
OK so in fact the complaint is "t=y is dangerous", not "a hacker could
insert t=y into someone's policy" (which is what you originally said).
There are other people here who can debate that as well as or better
than I so I'll yield.
Ok, I didn't say insert, but I can see how it was read. I stated:
It is clearly a threat entry point allowing anyone to try to
create a DKIM signature and all they have to do is add t=y with
the hope the receiver will ignore all fail validations.
I should have been clear in saying "exploited domains who added t=y into
their policy":
... and all they have to do is find a DOMAIN with a t=y policy...
In sticking to the Subject: of this thread, no, this was not discussed
at the Interop event. SSP was determined early on to be out-of-scope
for our tests. We were focusing only on RFC4871 itself.
How unfortunate.
It was felt, though, that SSP might be the subject of a future Interop
event once the draft has become an RFC (or, perhaps, multiple proposals
are available).
It's unfortunate that SSP continues to play 2nd fiddle when in fact,
in my mind, DKIM is worthless (offers little payoff) without a POLICY
concept. I won't recommend DKIM until SSP is part of the fundamental
picture.
Anyway, I won't go there. I just hope the t=y comments are not ignored.
Thanks for your own comments.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html