ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] draft-ietf-dkim-rfc4871bis-07 // Attacks Involving Additional Header Fields

2011-04-26 12:52:14
from [Douglas Otis] [Permanent Link] 
On 4/25/11 9:18 PM, Murray S. Kucherawy wrote:

-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org 
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Douglas Otis
Sent: Monday, April 25, 2011 6:33 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org; Barry Leiba; Pete Resnick
Subject: [ietf-dkim] draft-ietf-dkim-rfc4871bis-07 // Attacks Involving
Additional Header Fields

Double listing in the "h=" tag can not fully mitigate risks related to
appended header fields when messages are signed by a different domain
than the domain found in the appended From header field.

DKIM doesn't create any binding between the RFC5322.From domain and the "d=" 
value as you're doing.  What you're talking about here falls into the realm 
of ADSP or other policy-like assertions, not DKIM itself which is the topic 
of this draft.

Agreed.  The "d=" domain within the DKIM-Signature header field and the 
 From header field may be bound by acceptance policies perhaps due to 
ADSP publications or private arrangements.  It is the From header, not 
the DKIM-Signature header field, most likely seen and sorted by 
recipients, although acceptance may have been based upon DKIM-Signature 
domains.

Security Consideration section 9.14 will not protect phished domains 
where recipients may depend upon policy constraints that bind From and 
the DKIM-Signature field domains.  Unfortunately, despite the protective 
policies and double listings recommended in section 9.14, phished 
domains will still find their From header fields accepted and spoofed 
when signed by otherwise uninvolved "too big to block" domains.

The lack of protection is due to the _base_ DKIM specification omitting 
checks necessary to prevent inadvertent endorsement of replayed messages 
carrying bogus pre-pended From header fields added to a message 
previously originated and signed by an otherwise uninvolved domain that 
may not have a problem with phishing.

Do you see any problem with the suggested remedy?  Section 9.14 still 
supports prior versions of DKIM verifiers although the double listing 
strategy would offer limited protection that appears to assume 
DKIM-Signature domains are somehow visible.

-Doug


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] ISSUE: Updating Section 6.5: Recommended Signature Content, Murray S. Kucherawy
Next by Date:  Re: [ietf-dkim] draft-ietf-dkim-rfc4871bis-07 // Attacks Involving Additional Header Fields, Barry Leiba
Previous by Thread:  Re: [ietf-dkim] draft-ietf-dkim-rfc4871bis-07 // Attacks Involving Additional Header Fields, Charles Lindsey
Next by Thread:  Re: [ietf-dkim] draft-ietf-dkim-rfc4871bis-07 // Attacks Involving Additional Header Fields, Barry Leiba
Indexes:  [Date] [Thread] [Top] [All Lists]