ietf-dkim
[Top] [All Lists]

Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hostile to DKIM deployment)

2007-12-14 11:01:59

On Dec 14, 2007, at 9:32 AM, Stephen Farrell wrote:



Dave Crocker wrote:
Right. So let's explore what current problems specific functions in SSP
will mitigate.

Folks who are proponents of particular SSP features should document
specific threats and specific SSP feature(s) that will mitigate them.

I think that'd be useful.

Of course, people who aren't proponents can also document specific
threats, and I'd be interested in a few examples that aren't included
in 4868 or the security considerations of the ssp-01 I-D (if I missed
something in a recent posting a reference would be fine). I don't
doubt that some such threats exist, but I don't recall seeing anything
specific on this so far.

An essential part of such exercise is to explain why the mitigation is
strategic.  That is, why will it not be easy for attackers to work
around the SSP mechanism and achieve equivalent attack success.

Modulo look-alike domains I guess? (There's text in 4868, 4.2.1 about
that btw.) I don't think anything in SSP can mitigate that threat.

In that instance the threat might be "A well informed malicious sender
misleads recipients about who the author of the mail is".

SSPs answer to that would be an ability for some receivers to
identify that an unsigned email with the byte-for-byte identical
email address in the From field should have been signed, so
is a forgery.

The analysis would touch on false positives due to signature
breakage, that byte-for-byte comparison is not adequate to
protect a visible brand, that the email address isn't even displayed
in many MUAs and so on.

Cheers,
  Steve


_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>