On 7/7/11 10:09 AM, Pete Resnick wrote:
> DKIM can only be "deployed to mount a
> variety of attacks" if the recipient has already made the fatal mistake
> of assuming that the existence of a cryptographically valid signature
> *means* that the message is reliable and from a known "good" sender.
Strongly disagree!
Security must consider what is meant by verification. The fact that a
signature appears valid although _significant_ visible aspects of the
message's author, subject, date, etc. can be altered represents a clear
threat and a present danger in the verification process that also
threatens policy layers such as ADSP!
Ensuring verification is not deceptive does not represent a layer
violation. Expecting consumers of DKIM results to guess whether
critical verification aspects were checked is a layer and a trust
violation! A layer violation since DKIM MUST understand critical
aspects of the verification process! A violation in trust since
offering a verification pass for a message with multiple From header
fields is clearly negligent.
Had the prepended exploit not been missed in the original threat
review, the verification process would NOT have overlooked this serious
failing. The expressed goal was to ensure subsequent processes not be
DKIM "aware" for safe and incremental DKIM deployment.
While there are many ways a malefactor might attempt to deceive
recipients, due to the verification flaw any false expectation that DKIM
used by a phished domain offers protection places recipients in even
greater peril. This may even invite the phishing that DKIM was intended
to help mitigate. With this verification flaw, reputation CANNOT offer
protection when misapplied to grant acceptance of deceptive messages.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
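The prepended-From weakness the thread is arguing about, shown as an added example that is not code from the list or from any DKIM implementation. DKIM's header-selection rule (RFC 4871 section 5.4, carried into RFC 6376 section 5.4.2) takes, for each name listed in h=, the last not-yet-used instance of that field counting from the bottom of the header block. If the signer lists From once and an attacker prepends a second From: field at the top, the verifier still hashes the original, lower From: and the signature validates, while a mail client that shows the topmost From: displays the forged one. The mitigation later written into RFC 6376 (section 8.15) is to list From twice in h=, so a prepended instance changes the hashed input. The message headers, the shared-secret HMAC that stands in for the RSA signature, and the omission of the body hash and the DKIM-Signature field itself are all simplifications of this example, not part of the thread.

```python
import hashlib
import hmac
import re
from typing import List, Tuple

Header = Tuple[str, str]  # (field name, field body), listed top to bottom

# Constructed sample header block (not taken from the mailing-list post).
ORIGINAL_HEADERS: List[Header] = [
    ("From", "Accounts <accounts@example.com>"),
    ("To", "victim@example.net"),
    ("Subject", "Your statement is ready"),
    ("Date", "Thu, 7 Jul 2011 10:09:00 -0700"),
]

# Stand-in for the signing domain's private key: HMAC replaces RSA here so
# the example runs without key material; the header-selection logic is the point.
SECRET = b"example-signing-key"


def relaxed_header(name: str, value: str) -> str:
    """RFC 6376 3.4.2 'relaxed' header canonicalization: lowercase the name,
    unfold continuation lines, collapse runs of whitespace, trim around the colon."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)       # unfold
    value = re.sub(r"[ \t]+", " ", value).strip()     # collapse and trim WSP
    return f"{name.lower()}:{value}\r\n"


def select_headers(headers: List[Header], h_tag: str) -> List[Header]:
    """RFC 6376 5.4.2 selection: each name in h= consumes the *last* unused
    instance of that field, scanning upward from the bottom of the block.
    A name with no instance left contributes nothing (a 'null' field)."""
    remaining = list(headers)
    selected: List[Header] = []
    for name in h_tag.split(":"):
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.lower():
                selected.append(remaining.pop(i))
                break
    return selected


def header_hash_input(headers: List[Header], h_tag: str) -> bytes:
    return "".join(relaxed_header(n, v) for n, v in select_headers(headers, h_tag)).encode()


def sign(headers: List[Header], h_tag: str) -> str:
    """Return the b= value for this header block under the given h= list."""
    return hmac.new(SECRET, header_hash_input(headers, h_tag), hashlib.sha256).hexdigest()


def verify(headers: List[Header], h_tag: str, b_value: str) -> bool:
    return hmac.compare_digest(sign(headers, h_tag), b_value)


def displayed_from(headers: List[Header]) -> str:
    """Most mail clients render the first From: field, i.e. the topmost one."""
    for name, value in headers:
        if name.lower() == "from":
            return value
    return ""


def prepend(headers: List[Header], name: str, value: str) -> List[Header]:
    return [(name, value)] + list(headers)


def attack_outcome(h_tag: str) -> Tuple[bool, str]:
    """Sign the original block, prepend a forged From:, and report whether the
    signature still verifies and which From: the recipient would see."""
    b_value = sign(ORIGINAL_HEADERS, h_tag)
    forged = prepend(ORIGINAL_HEADERS, "From", "Support <support@bank.example>")
    return verify(forged, h_tag, b_value), displayed_from(forged)


if __name__ == "__main__":
    # Single From in h=: signature survives the prepended field (the flaw).
    print("h=from:to:subject:date      ->", attack_outcome("from:to:subject:date"))
    # From listed twice (over-signing): the extra field lands in the hash input
    # and verification fails.
    print("h=from:from:to:subject:date ->", attack_outcome("from:from:to:subject:date"))
```

The over-signed h= list still verifies on the unmodified message, because the second "from" entry selects nothing and so adds nothing to the hashed input; it only bites when an extra instance appears. This is exactly why the argument in the thread is about what the verifier checks, not about the signature algorithm: a verifier that reports "pass" without noticing that a signed field occurs more often than the signature covers is handing downstream policy (ADSP, reputation) a result that does not mean what they assume.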