David Mayne wrote:
That said, perhaps at this point, having a test flag engraved in the
protocol now may be a bit obsolete with a more mature SSP framework. I
do fail to see the damage and doom that some are attributing to this
test mode though, as receivers will act in their best interests anyway,
no matter what the signer's policy states...
I agree Mr. Mayne, but can we safely say this is true for the general
network and wide adoption across millions of the smaller systems?
IF the specification says:
y The domain is testing signing practices, and the Verifier
SHOULD NOT consider a message suspicious based on the record.
with no further engineering insights, then this opens the door to
security threats if verifiers honor the currently written SHOULD NOT
recommendation.
The threat is this:
Once DKIM signed messages are unleashed on the world en masse, attackers
can take the DKIM headers of HV domains or any domains who have t=y
policies, add their own content to the body and blast their spam,
marketing or malicious mail.
They are not going to worry about the fact that the signature will be
invalid because the t=y will promote the idea there is nothing
suspicious about the message.
Yes, DKIM says "failure is to be viewed as unsigned" but SSP "Must sign
all" policies also say unsigned means suspicion - failure.
SSP will override DKIM "Failure To Unsigned Status" promotion.
But the real problem is when the failure is perpetual, the verifier is
seeing this over and over again from the same domain for extended periods.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
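The verifier-side scenario discussed above (a failed signature from a domain whose key record carries t=y, under a "must sign all" policy), as an added example that is not code from the list or from either author: a small key-record parser plus a disposition function that honors the t=y relaxation only until failures from the same domain become perpetual. The failure threshold, the policy label "all" and the domain names are constructed for the example.

```python
from collections import defaultdict


def parse_key_record(txt):
    """Parse the tag=value list of a DKIM key TXT record (e.g. 'v=DKIM1; t=y; p=...')."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def in_test_mode(tags):
    # t= holds colon-separated flags; "y" is the testing flag under discussion
    return "y" in tags.get("t", "").split(":")


class FailureTracker:
    """Counts consecutive signature failures per signing domain (constructed helper)."""

    def __init__(self, threshold=3):  # threshold is an assumed tuning value
        self.threshold = threshold
        self.failures = defaultdict(int)

    def record(self, domain, sig_ok):
        self.failures[domain] = 0 if sig_ok else self.failures[domain] + 1

    def perpetual(self, domain):
        return self.failures[domain] >= self.threshold


def disposition(domain, sig_ok, key_txt, ssp_policy, tracker):
    """Return 'pass', 'unsigned' or 'suspicious' for one message.

    ssp_policy == "all" stands for a "must sign all" sender policy (label assumed).
    """
    tracker.record(domain, sig_ok)
    if sig_ok:
        return "pass"
    # DKIM base: a failed signature is treated as if the message were unsigned
    if ssp_policy != "all":
        return "unsigned"
    # Honor the t=y "SHOULD NOT consider suspicious" only while failures are
    # not perpetual; repeated failures from the same domain lose the relaxation
    if in_test_mode(parse_key_record(key_txt)) and not tracker.perpetual(domain):
        return "unsigned"
    return "suspicious"
```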