ietf-mailsig
[Top] [All Lists]

RE: In response to Housley-mass-sec-review

2005-03-09 08:47:18

On Tue, 2005-03-08 at 15:55 -0800, Michael Thomas wrote:
On Mon, 2005-03-07 at 15:29 -0800, Hallam-Baker, Phillip wrote:
Yes, the attack can happen fast, but if they are sending spam the revocation
check will get hammered and there is a great way to spot something odd going
on.

I've only been following this thread minimally, but it seems that
any revocation scheme would have to rely on some form of automatic
population lest you run into the issues Jim raises. But what I don't
recall seeing is whether there's any reason to believe that such
auto-revocation schemes could possibly have an acceptable false
positive rate within the necessary reaction time (ie, such that
the horses are not running wild on the plains to continue this
tortured analogy). It seems like an easier hand-wave than the
reality of implementation.

There is a deployed monitoring scheme that that sorts, correlates, and
publishes rapidly.  Creating a specific report for the affected
administrator could allow a reaction within minutes.  The monitoring
information would then be disseminated by way of the revocation records
to all their recipients, following the administrator's review.  High
levels of revocation record checks would also highlight potential abuse.
A revocation-record would identify messages being replayed and their
source (IP address/HELO) as they are sent.  Without a revocation scheme,
abusing good reputations of a signature will continue until it has no
value.

Revocation-identifiers/revocation-records should be an effective
deterrent.  When the signatures have a reputation value, expect this to
be abused.  Carry a big stick to remind the horses. : )

-Doug


<Prev in Thread] Current Thread [Next in Thread>