On Tue, 2005-02-01 at 00:20 -0800, Douglas Otis wrote:
> > What are the security concerns of which you speak?
>
> This was raised on the CLEAR mailing list by William Leibzon and
> responded to by Tony Finch. Follow the thread.
> http://mipassoc.org/pipermail/ietf-clear/2004-November/000133.html

Ah yes; I had seen that but discarded it as irrelevant in the context of
BATV -- BATV alone doesn't really offer the _recipient_ much benefit
along those lines anyway. Referring to the examples in message
000146.html, it's obvious that with BATV the attacker could just send a
mail from 'batv=INVALIDBATVTAG/victim(_at_)domain' anyway, and the recipient
would have no means to validate that.

In the context of SES it's slightly more relevant, but really not by
far. It involves a naïve user actually looking in the message headers
for the reverse-path and _incorrectly_ identifying it as an SES
localpart, thus having faith in it. (If the MUA were to be modified to
show SES/BATV reverse-paths more prominently, of course it wouldn't have
the false positives that wetware can have).

In general, users don't do that. Either they're capable of telling the
difference, or they're not going to be looking in the headers for it
anyway. The middle ground is relatively rare.

It also involves the domain owner/admin actually permitting that kind of
reverse-path to be used in outgoing mail, and authorising it as valid if
it's sent from elsewhere.

--
dwmw2