Re: The cost of choices

YES!  However, this checking currently goes contrary
to the wording of the SSP draft.  If the signature is
valid, doing a SSP lookup is not required.


I don't see that in the SSP draft.  I see this:

"If the message contains a valid signature on behalf of the
Originator Address no Sender Signing Policy Check need
be performed: the verifier SHOULD NOT look up the Sender
Signing Policy and the message SHOULD be considered
non-Suspicious. "

The key is the "on behalf of the Originator Address" language. Since thatisn't the case in the examples we've been discussing an SSP check wouldapply.

We need clearer text in the SSP draft siting when a check is required andwhen it isn't. Perhaps this language could clear it up some:

"Sender Signing Policy Checks MUST be based on the Originator Address andare REQUIRED in the following situations:


a) all unsigned messages MUST perform a Sender Signing Policy Check

b) all signed messages in which there are no verifiable signatures MUSTperform a Sender Signing Policy Checkb) all signed messages which contain a verifiable signature in which thedomain of the signing entity is not the same as or a parent domain of theOriginator Address MUST perform a Sender Signing Policy CheckIf the message contains a valid signature in which the domain of the signingentity is the same as or a parent domain of the Originator Address then noSender Signing Policy Check need be performed: the verifier SHOULD NOT lookup the Sender Signing Policy and the message SHOULD be considerednon-Suspicious.

Sender Signing Policy Checks are done by doing a DNS query to the domainspecified in the Originator Address. The query MUST be for the search key"_policy._domainkey.<domain>", where <domain> is the domain of theOriginator Address. The query may return either a DKSSP record or a TXTrecord; the DKSSP record MUST override the TXT record."



--
Arvel

----- Original Message -----From: "Earl Hood" <earl(_at_)earlhood(_dot_)com>

To: <ietf-mailsig(_at_)imc(_dot_)org>
Sent: Wednesday, July 27, 2005 9:30 PM
Subject: Re: The cost of choices


On July 27, 2005 at 19:31, "Arvel Hathcock" wrote:

Yes, this is correct and is the mechanism preventing an attacker from
spoofing your domain in the From header and signing with his own keythereby
possibly making the recipient assume you sent a signed message.


YES!  However, this checking currently goes contrary to the wording
of the SSP draft.  If the signature is valid, doing a SSP lookup
is not required.

To deal with the above scenario, SSP lookup must always be done,
even if the signature is valid.

--ewh

<Prev in Thread]	Current Thread	[Next in Thread>
RE: The cost of choices, Hallam-Baker, Phillip Re: The cost of choices, Michael Thomas Re: The cost of choices, Dave Crocker Re: The cost of choices, Arvel Hathcock Re: The cost of choices, Dave Crocker RE: The cost of choices, James Scott Re: The cost of choices, Arvel Hathcock Re: The cost of choices, Earl Hood Re: The cost of choices, Arvel Hathcock <= Re: The cost of choices, Jim Fenton Re: The cost of choices, Hector Santos Re: The cost of choices, Jim Fenton DKIM KEY SSP Override Option [was Re: The cost of choices], Hector Santos Re: DKIM KEY SSP Override Option [was Re: The cost of choices], Michael Thomas Re: DKIM KEY SSP Override Option [was Re: The cost of choices], Jim Fenton Re: DKIM KEY SSP Override Option [was Re: The cost of choices], Jim Fenton Re: The cost of choices, Earl Hood Re: The cost of choices, Arvel Hathcock Re: The cost of choices, Earl Hood

Previous by Date:	Re: The cost of choices, Arvel Hathcock
Next by Date:	Re: revised Proposed Charter, william(at)elan.net
Previous by Thread:	Re: The cost of choices, Earl Hood
Next by Thread:	Re: The cost of choices, Jim Fenton
Indexes:	[Date] [Thread] [Top] [All Lists]