ietf-dkim
[Top] [All Lists]

[ietf-dkim] Re: t=y (was: DKIM Interoperability Event notes)

2007-11-08 17:31:59
Hector Santos wrote:
Murray S. Kucherawy wrote:

The rest of your points about the exposure "t=y" in a published SSP
record may be valid, but I remain confused about this point and it
seems to be the premise of your attack.

Attackers will be able to create a FAILED fascimile of a primary
domain DKIM complete message and as long as the primary has a t=y
policy, the attackers need not worry about HASH PERFECTION - it just
randomly creates a signature with a junk hash because the t=y will
promote a IGNORE FAILURE concept.

I'm a little confused about whether you're talking about t=y in the key
record or in the SSP record, so let's discuss both.

t=y in the key record is of dubious value if verifiers adhere to the
principle that DKIM failures are equivalent to non-existent signatures. 
Since a broken signature shouldn't cause a message to be rejected or
otherwise penalized, there isn't any reason to warn verifiers that
you're testing.

t=y in the SSP record is perhaps unnecessary, since there isn't much
possibility of a failure in publishing an SSP record that would require
much, if any, testing.

However, t=y might be more useful if it's associated with reporting
failure to some reporting address that might be specified by the
signer.  You could collect failure reports without actually causing
(particularly SSP) to take effect.  I believe that Murray may be on the
verge of proposing just such a mechanism.

If your point is that publishing t=y provides no security over not using
DKIM or SSP at all, I agree.

-Jim
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html