
Re: [ietf-dkim] detecting header mutations after signing

2010-10-16 12:45:22


> -----Original Message-----
> From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Wietse Venema
> Sent: Friday, October 15, 2010 5:10 PM
> To: ietf-dkim(_at_)mipassoc(_dot_)org
> Subject: Re: [ietf-dkim] detecting header mutations after signing
>
> MH Michael Hammer (5304):
> > -----Original Message-----
> > From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Bill(_dot_)Oxley(_at_)cox(_dot_)com
> > Sent: Friday, October 15, 2010 11:59 AM
> > To: dcrocker(_at_)bbiw(_dot_)net
> > Cc: ietf-dkim(_at_)mipassoc(_dot_)org
> > Subject: Re: [ietf-dkim] detecting header mutations after signing
> >
> > Well a broken signature is morally equivalent to unsigned so I'm not
> > sure of the potential harm...
> >
> > And this is where I angst. In all the discussions of a broken
> > signature being morally equivalent to unsigned, the thrust has been
> > that it was likely broken in transit. We failed to have the discussion
> > of it being intentionally broken in transit as an attempt to game the
> > system. For header mutations after signing (which are likely to be a
> > malicious attempt in the specific cases we have been discussing) I
> > feel that treating it as simply the same as unsigned is ignoring the
> > potential maliciousness.
>
> I'm sure this was discussed before, but perhaps a refresher helps.
> How would the DKIM validator know the difference between:
>
> A: The message had a valid signature, but it was broken after signing.
>
> B: The message is a forgery with a bogus signature.
>
> If the DKIM validator cannot make that distinction, then the bad
> guys will do B and the validator will treat it as A.
>
>       Wietse

Multiple headers are a specific class of problem. The signature is not,
in fact, broken. It validates. The described attack actually leverages
this.

We are left in the realm of "the operation was a success but the patient
died". Is this where we want to be?

How often do we see multiple From headers where the From was added (as
opposed to the original From was modified) after the message was signed?
How often do we see this without malicious intent in the wild? Same
question for other headers?

What is the value proposition that DKIM offers that incentivizes people
to adopt it?

I remember similar discussions back in the 2004 timeframe when we didn't
have practical experience with DKIM. This theme was in fact touched on
at the "Marketing DKIM" dinner that Dave organized after the FTC
workshop in DC.

I am not suggesting that we boil the ocean. I am suggesting that we can
realistically address this class of problem without having to "fix" the
world. Failure to address it significantly alters the value proposition
of DKIM... in a negative manner.

I've never been happy with the choice to have "fails to validate" == "no
signature". This is what invites your question about "A" or "B". Your
question "A" begs the question of how the signature was broken. If we
never see a certain type of brokenness in the wild in normal usage but
only (potentially) see it in abusive usage, why would we not recognize
and address this?

Mike


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
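Mike's point that the signature "is not, in fact, broken" when a second From field is added after signing rests on how a verifier picks signed header instances: it walks the header block from the bottom up, so a field prepended on top is simply never hashed, and the signature over the original instance still validates. The check below is an added illustration for this thread, not code from the list or from any DKIM implementation. It shows the verifier-side signal a validator could raise alongside (never instead of) cryptographic verification: field names that occur in the message more often than the signature's h= tag lists them, plus RFC 5322 single-instance fields that occur twice. It also shows why over-signing (listing a field name in h= once more than it occurs, as RFC 6376 section 8.15 recommends) makes the added instance break the signature instead of slipping past it. The sample messages are constructed; their bh= and b= values are placeholders and are not checked.

```python
"""Added example: verifier-side check for header instances a DKIM signature
leaves uncovered. My illustration, not from the ietf-dkim thread or from any
DKIM library. Assumes the RFC 4871/6376 rule that signed header instances
are selected bottom-up, so a field prepended after signing is unsigned while
the signature still validates. Does not verify the signature itself."""
import re
from collections import Counter

# RFC 5322 section 3.6 permits at most one instance of each of these fields.
SINGLE_INSTANCE_FIELDS = frozenset({
    "from", "sender", "reply-to", "to", "cc", "bcc", "message-id",
    "in-reply-to", "references", "subject", "date",
})


def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Return (name, value) pairs in wire order, unfolding continuation
    lines. Stops at the first empty line, the end of the header block."""
    fields: list[tuple[str, str]] = []
    for line in raw.splitlines():
        if line == "":
            break
        if line[0] in " \t" and fields:          # folded continuation line
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            fields.append((name.strip(), value.strip()))
    return fields


def signed_field_counts(sig_value: str) -> Counter:
    """Count how many times each field name is listed in the h= tag.
    A name listed more often than it occurs (over-signing) binds a
    non-existent instance into the hash, so adding one later breaks
    the signature."""
    tags = {}
    for tag in sig_value.split(";"):
        key, sep, val = tag.partition("=")
        if sep:
            tags[key.strip().lower()] = re.sub(r"\s+", "", val)
    return Counter(n.lower() for n in tags.get("h", "").split(":") if n)


def check_message(raw: str) -> dict:
    """Report single-instance fields that occur more than once, and fields
    the first DKIM-Signature's h= tag covers fewer times than they occur.
    Fields absent from h= are not reported: the signer chose not to sign
    them, which is a signing policy question, not a post-signing mutation."""
    fields = parse_headers(raw)
    present = Counter(name.lower() for name, _ in fields)
    sigs = [v for name, v in fields if name.lower() == "dkim-signature"]
    covered = signed_field_counts(sigs[0]) if sigs else Counter()
    duplicates = {n: c for n, c in present.items()
                  if n in SINGLE_INSTANCE_FIELDS and c > 1}
    uncovered = {n: present[n] - covered[n] for n in covered
                 if present[n] > covered[n]}
    return {"has_signature": bool(sigs),
            "duplicates": duplicates, "uncovered": uncovered}


# Constructed sample (not a real message): a second From field prepended on
# top after signing. Signature values are placeholders; nothing is verified.
PREPENDED_FROM = (
    'From: "Helpdesk" <helpdesk@example.org>\r\n'
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
    "\ts=sel; h=from:to:subject:date; bh=PLACEHOLDER=; b=PLACEHOLDER=\r\n"
    'From: "Alice" <alice@example.com>\r\n'
    "To: bob@example.net\r\n"
    "Subject: Quarterly report\r\n"
    "Date: Fri, 15 Oct 2010 11:59:00 -0400\r\n"
    "\r\n"
    "See attached.\r\n"
)

# Constructed sample with From over-signed (h=from:from:...) and only the
# original From present: nothing to report.
OVERSIGNED = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
    "\ts=sel; h=from:from:to:subject:date; bh=PLACEHOLDER=; b=PLACEHOLDER=\r\n"
    'From: "Alice" <alice@example.com>\r\n'
    "To: bob@example.net\r\n"
    "Subject: Quarterly report\r\n"
    "Date: Fri, 15 Oct 2010 11:59:00 -0400\r\n"
    "\r\n"
    "See attached.\r\n"
)

if __name__ == "__main__":
    for label, msg in (("prepended From", PREPENDED_FROM),
                       ("over-signed", OVERSIGNED)):
        print(label, check_message(msg))
```

For the prepended sample the check reports From as both a duplicated single-instance field and as having one instance the h= tag does not cover, which is exactly the "validates, but the displayed From is unsigned" case Mike describes; for the over-signed sample it reports nothing, and an attacker's extra From would instead be hashed and break the signature.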
