
RE: [spf-discuss] Attacking Domain Keys

2004-11-30 18:51:56
On Mon, 2004-11-29 at 18:45, Hallam-Baker, Phillip wrote:
> From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
> [mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of
> Stephen Pollei
>
> > On Mon, 2004-11-29 at 12:42, Hallam-Baker, Phillip wrote:
> > > The fact is that we are going to need BOTH SPF and DK to address all
> > > the email authentication requirements that are out there. For
> > > messaging convenience I try to encourage people to push SPF as an
> > > anti-spam solution and DK in the anti-phishing area, but we will
> > > actually need both in both problems.
> >
> > I don't see SPF, DK, or IIM as being directly anti-spam or anti-phish...
> > All of those are anti-forgery. Further, I think that even a little bit
> > of anti-forgery can work some wonders.
>
> Agreed, but remember the constraints we are working under here. The media
> cannot accept a complex, subtle message, they get easily confused.

So I won't allow the "media" to dictate technical decisions to me.

> SPF is sufficient for the aspen framework for eliminating spam. DK is a good
> platform to address many of the problems with phishing, but that does not
> mean that the two are not complementary since phishing is still a form of
> spam and reducing spam is beneficial in stopping phishing.

I also agree that public-key cryptography can add much value to just
using spf to catch the most blatant fraud/phish attempts. However, IMHO,
when it comes to phish/fraud scenarios I don't think DK adds much value
over just using spf. I have a two-part reasoning for this assertion.

1) spf is good enough to cause phishers, spammers and other fraudsters
to use alternative domain names.

I had in an earlier email a real-world example phish about a bank. I
noted that even a loose mask of 167.88.0.0/12 would have caught that
particular phish quite easily. I also mentioned that if an abuser was in
fact in the range of the mask, then it also increased the possibility
that you could seek intervention via both government law enforcement and
network operations. Of course a netmask using 12 is extremely loose;
even if you were being super loose I'd recommend that you use something
in the range of 18 to 24. You would want the range to be in use by only
one AS (Autonomous System) [1] and within the jurisdictional bounds of
only one national political entity as much as possible, at the very
least. For IPv6 a mask of 48 bits, which should cover the TLA and NLA,
should be roughly equivalent.

So my point is that even a loose spf policy could eliminate over 99.9%
of the opportunities for domain name joe-jobs, and make the last 0.1%
much easier to police. A tighter policy of course would provide even
greater benefits.

I think Roger Moser had a great 7-item enumeration of scenarios that
happen when you use spf with Domain Keys. For the bank phish example
you'd want the real email to come to you directly, not via unknown
forwarders or mailing lists. So we can simplify and boil his examples
down to "directly from their designated servers", in which case DK
checking is almost but not quite completely redundant. I'm sure someone
will mention MITM (man in the middle) attacks.
So in conclusion for point one, IMHO DK isn't much more effective at getting
abusers to switch domain names than spf already is.

2) Domain-name spoof-proofing is a necessary but insufficient
precondition to both anti-phishing and other kinds of fraud; neither
spf nor DK adds the other needed preconditions.

OK, so we have the following sample email addresses (non-exclusive):
happy_teller(_at_)wamu-bank(_dot_)com, president(_at_)wamu-bank(_dot_)com,
janitor7(_at_)wamu-bank(_dot_)com, mr_burns(_at_)wamu-bank(_dot_)com, 
spoof(_at_)wamu(_dot_)com,
hank_hill(_at_)wamu(_dot_)com, peggy_hill(_at_)wamu(_dot_)com, 
bobby_hill(_at_)wamu(_dot_)com,
loans(_at_)wamu(_dot_)com, etc...

Which of these are trustworthy? Which ones can order cleaning supplies?
Which ones can approve your home equity loan of $100,000? Which one can
make multi-million dollar stock trades? Which ones could tell you the
interviews went great, you're hired? Which ones can send out the monthly
newsletter? Which ones can send you your monthly statement?

More concretely, if we get an email from lisa_sue_chastity(_at_)wamu(_dot_)com,
can we trust it? What exactly can we trust her with? What is her role in
the organization? How does that role affect what kind of authority she
has?

The real questions when it comes to phishy fraud are more than just "Was
the email from lisa_sue_chastity(_at_)wamu(_dot_)com sent by wamu.com?". They are
"Is wamu.com really a bank?", "Can I trust wamu.com?", "What kind of
authority does foo(_at_)wamu(_dot_)com have?".

I also think banks, among others, would want fine-grained control and
fine-grained signatures for these kinds of things. I think they would
abhor using one public-key signature per domain, as the principles of
apparent or ostensible authority might apply; see
http://www.silver-freedman.com/library/sept_98_bb3.html .
The janitor might send out an email that someone believes in good faith
to be authorized and signed by the bank and therefore legally binding,
which is not good.

I also want things to be a two-way street: I want the bank to encrypt
and sign my monthly statements, not just sign them. I also want that to
be fine-grained, statements(_at_)my-bank(_dot_)com to
stephen_pollei(_at_)comcast(_dot_)net, not
my-bank.com to comcast.net .... I might not want comcast.net to be able
to read my bank statements, thank you very much. Or have comcast send
my-bank DK-authenticated email that says pay this Cayman island account
$12,000.

In my other email I mentioned all kinds of semantic web rdf type stuff
signed by public-key signatures. Stuff like:
foaf http://www.foaf-project.org/
doaml http://www.doaml.net/
saml http://www.oasis-open.org/specs/index.php#samlv1.1
xbrl http://www.xbrl.org/

These kinds of semantic web schemes need to mature. And we need per-user
and even per-role public-keys, not just one key to sign all email for a
whole domain.

AFAIK DK only gives one key per domain, so I'm looking into
http://www.elan.net/~william/emailsecurity/meta_signatures.htm and other
things. One thing I think I see that is missing is that you should be
able to use DNSSEC to get a public key for a domain in question and then
be able to ask it about a particular user. Maybe the http or https
methods imply that should be possible. Key management is always a pain.

So in final conclusion, using DK is roughly equivalent to using spf, but
might have nasty legal liability issues if done wrong. Further, if I'm
looking into a digital email signature standard then I'd choose
something else besides DK -- something more flexible.

[1] An AS number is a 16-bit integer assigned by InterNIC and used by BGP
to implement policy routing and avoid top-level routing loops. Another
view is of an Autonomous System as a collection of CIDR IP address
prefixes under common technical management.

-- 
http://dmoz.org/profiles/pollei.html
http://sourceforge.net/users/stephen_pollei/
http://www.orkut.com/Profile.aspx?uid=2455954990164098214
http://stephen_pollei.home.comcast.net/
GPG Key fingerprint = EF6F 1486 EC27 B5E7 E6E1  3C01 910F 6BB5 4A7D 9677
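The post's argument about mask tightness (a /12 versus a /18-/24 range, or a /48 for IPv6) can be made concrete with a minimal SPF evaluator. This is an added example, not code from the post or from any SPF implementation: the records are constructed, only the ip4, ip6 and all mechanisms are handled, and no DNS lookups (include, a, mx) are performed.

```python
import ipaddress

# Constructed records: the loose /12 the post mentions, a tighter /24, and an
# IPv6 /48. Not real policies of any domain.
LOOSE_RECORD = "v=spf1 ip4:167.88.0.0/12 -all"
TIGHT_RECORD = "v=spf1 ip4:167.88.10.0/24 -all"
IPV6_RECORD = "v=spf1 ip6:2001:db8::/48 -all"

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Return a list of (qualifier, mechanism, network) terms from a v=spf1
    record. Only ip4/ip6/all are supported; anything else is rejected so a
    record that needs DNS is never silently half-evaluated."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mech, _, value = term.partition(":")
        mech = mech.lower()
        if mech in ("ip4", "ip6"):
            # strict=False accepts 167.88.0.0/12 even though its host bits
            # are not all zero (the network is really 167.80.0.0/12).
            parsed.append((qualifier, mech, ipaddress.ip_network(value, strict=False)))
        elif mech == "all":
            parsed.append((qualifier, mech, None))
        else:
            raise ValueError(f"unsupported mechanism: {mech}")
    return parsed


def evaluate(record, sender_ip):
    """Result for the connecting IP; the first matching term decides."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, mech, net in parse_spf(record):
        if mech == "all" or (ip.version == net.version and ip in net):
            return RESULTS[qualifier]
    return "neutral"                         # no term matched at all


def authorised_fraction(record):
    """Share of the IPv4 space a record lets pass: a measure of how loose
    the policy is, and hence how much room a forger inside the mask has."""
    allowed = sum(net.num_addresses for q, mech, net in parse_spf(record)
                  if q == "+" and mech == "ip4")
    return allowed / 2 ** 32
```

Run against the loose record, an address anywhere in 167.80.0.0-167.95.255.255 passes, so the /12 admits 2^20 sources; the /24 admits 256.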
