On Sun, Dec 14, 2008 at 01:17:23AM -0800, Murray S. Kucherawy wrote:
Just to play devil's advodate:
Setting aside your view of poor MUA design for the moment, a
counter-argument to your point about reputation being evaluated at time
of reading rather than time of mailbox delivery is something that can
work to to the advantage of systems like DKIM which have the ability to
revoke a key:
- attacker manages to get some malicious content of some kind signed
under "example.com"
- message goes out
- message arrives at victim's inbox, but is as yet unread
- example.com discovers its vulnerability, figures out which key was
used, revokes the key
- MUA attempts to validate DKIM but finds that the key used to sign was
revoked and refuses to display the content
<politacally incorrect frank view>
This is PKI disease. DKIM is not S/MIME. If forgery is a serious threat,
don't rely on DKIM. DKIM enables scalable assignment of possitive
reputation to domains. Damn all the "DKIM solves phishing" marketing,
I think it is very counter-productive!
</politacally incorrect frank view>
The MUA is most often not even be able to perform the DNS lookups in
question, (webmail, MUAs behind restrictive firewalls, ...). By the time
the MUA supports RSA-1024 DKIM keys, we'll probably be using EC with
some curve the MUA has never heard of. Public key revocation is rare,
and in most cases has nothing to do with compromise of the private key,
this problem is too minor to care about.
--
Viktor.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html