ietf-mailsig

Re: nowsp considered harmful

2005-07-22 18:18:31

On July 22, 2005 at 17:33, Nathaniel Borenstein wrote:

> A side note:  I absolutely can't bring myself to care if DKIM is
> vulnerable to "vandalism" in the form of corrupting sabotage of real
> messages, because there's no money in it for the vandal.  Nearly every
> protocol on the Internet is subject to horrific vandalism in the form
> of DOS attacks.  Why worry more about it here?

Not all attacks have to have a monetary motive behind them.

Vandalism, although the easiest thing to envision, may not be the
only type of attack.  Some media types (HTML?) may be mutated to
cause other forms of attacks when nowsp is used.  Something like
nowsp allows so much mutation of the data that, even if we cannot
think of an effective attack against it now, my gut says that
resourceful blackhatters may be able to discover one.

Vandalism can have some value against DKIM.  If DKIM serves as an
effective basis for combating spam and phishing, spammers may want
to attack the reliability of DKIM to discredit it and prevent its
adoption.  With various business ventures arising that will utilize
or extend DKIM, such attacks increase in value.

If reasonable measures can be taken earlier on to minimize potential
attack vectors to a system, it is wise to exercise those measures
to avoid potentially nasty headaches in the future.

BTW, I have only seen one type of example given for the existence of
nowsp: handling severely broken, non-standard messages.  IMHO, this
case is not applicable, since DKIM should not try to deal with such
cases unless empirical evidence exists that they are frequent and
must be handled for DKIM to be adopted and accepted.

A recommendation can be included in the DKIM spec that if a signer
encounters such a message, it should either reject the message and
return an error to the sender, or MIME-encode it (e.g. using a base64
or quoted-printable CTE) before signing.

--ewh
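The mutation space that nowsp leaves open, as an added example that is not part of the original message or of any DKIM implementation. The block canonicalizes a body with a nowsp-style rule (delete every whitespace character) and with a relaxed-style rule (strip trailing whitespace, collapse whitespace runs inside a line to one space, drop trailing empty lines; a simplification of the algorithm DKIM later standardized), signs the canonical form, and checks whether a body in which only whitespace was moved still verifies. The signing key, the message bodies and the mutations are constructed for the example; an HMAC stands in for the RSA signature, since the issue lies in canonicalization and not in the signature algorithm.

```python
import hashlib
import hmac
import re

# Constructed key standing in for the signer's private key (assumption:
# any keyed MAC shows the point as well as RSA would).
SIGNING_KEY = b"example-dkim-signing-key-not-real"

WSP_RUN = re.compile(r"[ \t]+")


def canon_nowsp(body: str) -> str:
    """nowsp-style body canonicalization: delete every whitespace character
    (space, tab, CR, LF), so only the non-whitespace bytes are signed."""
    return re.sub(r"[ \t\r\n]", "", body)


def canon_relaxed(body: str) -> str:
    """Relaxed-style body canonicalization (simplified): normalize line
    endings, collapse runs of SP/TAB within a line to one SP, strip
    trailing whitespace on each line, and drop empty lines at the end.
    Whitespace still carries information, it is only normalized."""
    lines = body.replace("\r\n", "\n").split("\n")
    lines = [WSP_RUN.sub(" ", line).rstrip() for line in lines]
    while lines and lines[-1] == "":
        lines.pop()
    return "\r\n".join(lines) + "\r\n"


def sign_body(body: str, canon) -> str:
    """Sign the canonicalized body (HMAC-SHA256 as the stand-in signature)."""
    digest = hmac.new(SIGNING_KEY, canon(body).encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()


def verify_body(body: str, canon, signature: str) -> bool:
    """Verify a received body against a signature made over the original."""
    return hmac.compare_digest(sign_body(body, canon), signature)


def signature_survives(original: str, mutated: str, canon) -> bool:
    """True if a signature over `original` still verifies on `mutated`
    under the given canonicalization, i.e. the mutation is invisible."""
    return verify_body(mutated, canon, sign_body(original, canon))


# Constructed bodies: the "mutated" forms differ from the originals only
# in whitespace, which is all an in-transit vandal needs to change.
PLAIN_ORIGINAL = "Please transfer 1000 EUR to account 42\r\n"
PLAIN_MUTATED = "Please transfer 10 00 EUR to account 4 2\r\n"

# The HTML case from the message: a "<" followed by whitespace is text,
# while "<b>" is markup, so deleting whitespace changes what renders.
HTML_ORIGINAL = "Type < b > to start bold text.\r\n"
HTML_MUTATED = "Type <b> to start bold text.\r\n"


def mutation_report() -> dict:
    """Which mutations survive signing under each canonicalization."""
    return {
        "plain_nowsp": signature_survives(PLAIN_ORIGINAL, PLAIN_MUTATED, canon_nowsp),
        "plain_relaxed": signature_survives(PLAIN_ORIGINAL, PLAIN_MUTATED, canon_relaxed),
        "html_nowsp": signature_survives(HTML_ORIGINAL, HTML_MUTATED, canon_nowsp),
        "html_relaxed": signature_survives(HTML_ORIGINAL, HTML_MUTATED, canon_relaxed),
    }


if __name__ == "__main__":
    for case, survives in mutation_report().items():
        print(f"{case:14s} signature still verifies after mutation: {survives}")
```

Under nowsp both mutated bodies canonicalize to exactly the same string as their originals, so the signature over the original verifies the vandalized message; under the relaxed-style rule the same mutations break verification while a body with only trailing whitespace or line-ending differences still passes.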

