Re: Preventing "replay attacks" with Provable Right to Forward


On Sun, 2005-02-06 at 09:12 -0800, 
domainkeys-feedbackbase01(_at_)yahoo(_dot_)com
wrote:


Firstly there has never been a necessity to tie the 2822 recipients to the 
2821
recipients, though clearly this is the extremely common case.

Secondly, the BCC header has to remain in the email and thus obviously
submitted separately from the other recipients to maintain the BCC
functionality. SUBMIT of course can do this on behalf of UAs.

Finally, 2821.RCPTTO fan-outs such as aliases and mailing lists (or their
SUBMIT service) have to make separate 2821 transactions for each separate PRF 
-
this is where granularity has a big impact. A per-localpart PRF implies
dropping multiple RCPTTOs from 2821. Those who believe that multiple recipient
email provides a serious saving to Internet bandwidth will howl about this (on
a global basis we already know the average number of recipients to be much 
less
than 2, but on a local basis it can clearly be an issue).

A lof of people will baulk at such serious implications, but it does 
completely
eliminate what we are calling "replay attacks" (I prefer to call them
unauthorized forwards).

The question is, is PRF worth it? If I had my druthers I would probably adopt 
a
"wait and see" attitude, to paraphrase our politicians, and consider this as a
possible MASS-II deliverable in the event that a) replay because a serious
issue in practice and b) the mitigation strategies prove insufficiently
effective.


Including settings within the Signature header as part of signed content
would provide a foundation for making future changes.  An opaque
identifier option, used with a single negative DNS lookup, should be
preferable over path registration for replay protection (with respect to
overhead).  Path registration trades this single small lookup for
potentially hundreds.  With compromised systems at the heart of the
problem, every other authorized server within a path becomes a
publicized avenue for abuse.  It would be impossible for path
registration (maintained by other entities) to offer a signing domain an
assured means to protect their signature reputation.    

-Doug

<Prev in Thread]	Current Thread	[Next in Thread>
MASS Security Review document, Jim Fenton Re: MASS Security Review document, Douglas Otis Re: MASS Security Review document, John Levine Re: MASS Security Review document, william(at)elan.net Preventing "replay attacks" with Provable Right to Forward, domainkeys-feedbackbase01 Re: Preventing "replay attacks" with Provable Right to Forward, Douglas Otis <= Re: Preventing "replay attacks" with Provable Right to Forward, John Levine Re: MASS Security Review document, Douglas Otis Re: MASS Security Review document, John R Levine Re: MASS Security Review document, Douglas Otis Re: MASS Security Review document, John R Levine Re: MASS Security Review document, Hector Santos Re: MASS Security Review document, Douglas Otis Re: MASS Security Review document, Sam Hartman Re: MASS Security Review document, Michael Thomas Re: MASS Security Review document, Sam Hartman

Previous by Date:	Re: MASS Security Review document, Douglas Otis
Next by Date:	Re: MASS Security Review document, Jim Fenton
Previous by Thread:	Preventing "replay attacks" with Provable Right to Forward, domainkeys-feedbackbase01
Next by Thread:	Re: Preventing "replay attacks" with Provable Right to Forward, John Levine
Indexes:	[Date] [Thread] [Top] [All Lists]