ietf-mxcomp

Security issue: Minority installed base of compatible MUAs?

2004-08-07 04:00:58

I reference draft-ietf-marid-core-02.txt

The abstract states that the specification is 'carefully tailored to ensure that
the overwhelming majority of legitimate emailers, remailers and mailing list
operators are already compliant'.

It says nothing about the compliance of / compatibility with existing MUAs.


Section 6.3 acknowledges that there is no defence against a message sent with a
forged From: header, but with a valid Resent-From: header.

I would imagine that this attack is relatively easy to undertake, e.g. by trojan
or zombie control of hosts which are valid 'marid1' mail originators.

It would, I imagine, be a mode of attack which would be very attractive to
'phishers'.

The draft states that "in order to avoid this attack, MUAs will need to start
displaying at least the header that was verified".

My concern is the need for new MUA purchases.

I can't find reliable market share statistics, but I would imagine that Outlook
Express is the leading MUA in the world, being the default MUA supplied with the
vast majority of the world's installed base of consumer PCs.

AFAICT Outlook Express cannot directly 'display the header that was verified'
(i.e. the Resent-From: header content) under these attack conditions.  Therefore
a large proportion of the world's consumer users will have to purchase (or
otherwise obtain) new MUA software to obtain the ability to defend against this
attack.

Is the IETF MARID WG 'comfortable' with the implication that very many of the
world's PC consumers will have to purchase a new product in order to be defended
against this trivial and highly-likely attack?

In 'educating' the world about this important and high-profile defence of the
world's eMail service, is the IETF prepared to give adequate prominence to the
need for hundreds of millions of replacement product purchases?

Or, to put it another way (and one which is rather more to the point of the
present editorial phase), I think that the security analysis of section 6.3
needs to be a lot more candid about the vulnerability of (what is probably) the
majority of the world's installed base of MUAs to this attack, and about how
long it will take for Sender-ID to play a significant role in solving the
identified global problem.


Chris Haynes
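
The gap discussed in this message, as an added example that is not part of the original post or of the draft: a receiving filter or MUA add-on can work out which header was actually verified and surface it whenever it differs from the From: line the user sees. The header precedence is an assumption (a simplified form of the PRA order later published as RFC 4407), and the function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Simplified precedence of headers a Sender-ID style check verifies.
# Assumption: follows the PRA order later published as RFC 4407, without
# its Received/Return-Path ordering rules. The post names only
# Resent-From: and From:.
VERIFIED_HEADER_ORDER = ("Resent-Sender", "Resent-From", "Sender", "From")


def domain_of(value):
    """Return the lower-cased domain of the address in a header value."""
    _name, addr = parseaddr(value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def verified_header(msg):
    """Return (name, value) of the first header the check would verify."""
    for name in VERIFIED_HEADER_ORDER:
        value = msg.get(name)
        if value and domain_of(value):
            return name, value
    return None, None


def display_advice(raw):
    """Decide what should be shown to the user next to the From: line."""
    msg = message_from_string(raw)
    name, value = verified_header(msg)
    if name is None:
        return {"verified": None, "mismatch": True,
                "banner": "No verifiable sender header"}
    shown = domain_of(msg.get("From"))
    # A pass on another header says nothing about the displayed From: domain.
    mismatch = name != "From" and domain_of(value) != shown
    banner = f"Verified {name}: {value}" if mismatch else ""
    return {"verified": name, "mismatch": mismatch, "banner": banner}


# Constructed sample messages (hypothetical domains, not from the post).
RESENT = ("Resent-From: relay@forwarder.example\n"
          "From: Accounts <accounts@bank.example>\n"
          "Subject: test\n\nbody\n")
DIRECT = "From: Accounts <accounts@bank.example>\nSubject: test\n\nbody\n"

if __name__ == "__main__":
    for sample in (RESENT, DIRECT):
        print(display_advice(sample))
```

For the constructed resent message the banner names Resent-From: as the verified header, which is the information the draft says MUAs need to display; the direct message produces no banner.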