ietf-dkim

Re: [ietf-dkim] ISSUE 1525 -- Clarification about posting by first Author

2008-01-17 08:56:27
I was viewing this as a resolution to 1525...

Michael Thomas wrote:
Eliot Lear wrote:
Michael Thomas wrote:
Eliot Lear wrote:
John L wrote:

Reflection attacks?  How would a few TXT queries make that happen?

It would be the queries themselves I would be worried about. Suppose someone blasts a message to thousands of domains that has many addresses in the From: line. All of a sudden all of those domains are under attack.

Perhaps some careful wording about how this is handled can get us around that? I don't know.

You know, I really wonder whether this is a mole hill sized mountain.
I wonder how long it would take for spam filter writers to notice this
kind of attack and write a new rule to send them to the bit bucket. A
week? Less? Not to mention that Bayesian filtering would glom onto it
even faster.

        Mike


Ok, perhaps it's nothing. It did occur to me as a potential attack. Perhaps worth adding a line in Security Considerations?


Is there an open issue about this? If there is, can I propose that we:

1) consider all addresses in the From: address up to some arbitrary
   limit in which case the message is suspicious
2) write a security consideration mentioning the reflection attack, and
   the likely mitigation that filtering software should view this as
   out of the ordinary

        Mike


_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
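
The cap proposed in the thread, sketched as an added example (not code from the list or from any DKIM implementation). It bounds the number of per-message policy lookups a verifier would make for From: domains. The limit of 4, the function name, and the choice to make no lookups at all once the limit is exceeded are assumptions; the thread only says "some arbitrary limit".

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed value: the thread does not name a number.
MAX_FROM_ADDRESSES = 4


def from_domains_to_check(raw_message, limit=MAX_FROM_ADDRESSES):
    """Return (domains, suspicious) for the From: header of a raw message.

    domains    -- unique author domains, in header order, that a verifier
                  would be allowed to query for signing policy
    suspicious -- True when From: carries more than `limit` addresses; in
                  that case no domains are returned, so the receiver sends
                  no TXT queries on behalf of the message (assumed policy)
    """
    msg = message_from_string(raw_message)
    # A message may carry several From: fields; collect every address.
    pairs = getaddresses(msg.get_all("From", []))
    addresses = [addr for _name, addr in pairs if addr]

    if len(addresses) > limit:
        return [], True

    domains = []
    for addr in addresses:
        local, at, domain = addr.rpartition("@")
        domain = domain.lower().rstrip(".")
        # Skip malformed addresses and repeat domains: one lookup per domain.
        if at and local and domain and domain not in domains:
            domains.append(domain)
    return domains, False


# Constructed sample messages (not taken from real traffic).
NORMAL = "From: Alice <alice@example.com>, bob@EXAMPLE.com, carol@example.org\n\nhi\n"
FLOOD = (
    "From: "
    + ", ".join(f"user{i}@victim{i}.example" for i in range(6))
    + "\nSubject: x\n\nbody\n"
)

if __name__ == "__main__":
    print(from_domains_to_check(NORMAL))
    print(from_domains_to_check(FLOOD))
```

The `suspicious` flag is what a filter rule would key on, matching the second point of the proposal that filtering software should treat such a message as out of the ordinary.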
