IETF Logo Mail Archive

Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for DomainKeys]

John Capo <jc@irbs.com> Thu, 20 May 2004 18:01 UTC

Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA07570 for <asrg-archive@odin.ietf.org>; Thu, 20 May 2004 14:01:10 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQreP-00076h-2z for asrg-archive@odin.ietf.org; Thu, 20 May 2004 13:48:13 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i4KHmDsH027319 for asrg-archive@odin.ietf.org; Thu, 20 May 2004 13:48:13 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQrcB-00066X-DO for asrg-web-archive@optimus.ietf.org; Thu, 20 May 2004 13:45:55 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA06128 for <asrg-web-archive@ietf.org>; Thu, 20 May 2004 13:45:52 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BQrc8-0003cZ-VM for asrg-web-archive@ietf.org; Thu, 20 May 2004 13:45:53 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BQrbC-0003YH-00 for asrg-web-archive@ietf.org; Thu, 20 May 2004 13:44:55 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BQram-0003Ui-00 for asrg-web-archive@ietf.org; Thu, 20 May 2004 13:44:28 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQrQf-0003UH-UN; Thu, 20 May 2004 13:34:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQrDy-0000Bc-1s for asrg@optimus.ietf.org; Thu, 20 May 2004 13:20:54 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA03894 for <asrg@ietf.org>; Thu, 20 May 2004 13:20:51 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BQrDw-0000nC-1G for asrg@ietf.org; Thu, 20 May 2004 13:20:52 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BQrD6-0000jl-00 for asrg@ietf.org; Thu, 20 May 2004 13:20:00 -0400
Received: from mxout-04.mxes.net ([65.77.21.94]) by ietf-mx with esmtp (Exim 4.12) id 1BQrCK-0000eC-00 for asrg@ietf.org; Thu, 20 May 2004 13:19:12 -0400
Received: from exuma.irbs.com (exuma.irbs.com [216.86.160.252]) by smtp.mxes.net (Postfix) with ESMTP id 4FA9D3C2911 for <asrg@ietf.org>; Thu, 20 May 2004 13:19:06 -0400 (EDT)
Received: from localhost.irbs.com (localhost.irbs.com [127.0.0.1]) by exuma.irbs.com (Postfix) with ESMTP id E6F741741C for <asrg@ietf.org>; Thu, 20 May 2004 13:19:05 -0400 (EDT)
Received: by exuma.irbs.com (Postfix, from userid 2500) id BF56517418; Thu, 20 May 2004 13:19:05 -0400 (EDT)
From: John Capo <jc@irbs.com>
To: asrg@ietf.org
Subject: Re: [Asrg] [Fwd: Yahoo! Mail Publishes Specification for DomainKeys]
Message-ID: <20040520171905.GA36075@exuma.irbs.com>
Reply-To: jc@irbs.com
References: <40AAB82D.3090004@solidmatrix.com> <40AC314F.9030501@elvey.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <40AC314F.9030501@elvey.com>
User-Agent: Mutt/1.4.1i
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Thu, 20 May 2004 13:19:05 -0400
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60

Quoting Matthew Elvey (matthew@elvey.com):
> 
> DK requires orders of magnitude more
> work to adopt, though not as much as SPF+SRS.

Nod.

> 
> DK is about as reliant on blacklists/reputation services as other 
> proposals. Without them, CSV is not easier for a spammer to circumvent 
> than DK or SPF.  They all require that something be put in a DNS entry 
> for a domain that costs approximately nothing to put there beyond the 
> cost of the domain itself. DKs aren't signed by CAs, remember.
> Exploit: A spammer would have control of the DNS server for the 
> responsible domain, and a BotNet spamming node would spam with a valid 
> DK.  The DK would be in the zombie worm that created the BotNet, or even 
> communicated via IRC.
> 
> So, I think DK is shown to be about as trivial to circumvent as the 40% 
> solution / CSV+++.

Unless I'm missing something I think its even easier to circumvent
and Yahoo! seems to agree:

    6.5 Envelope audit

    [ To be discussed: Identify the preconditions in the base document
    that allow for envelope auditing to protect against replay and
    joe-jobs ]

All that is signed is what is received by the signing MTA.  Get a
Yahoo! throwaway account.  Send email from Yahoo! to yourself at
another account.  Strip headers added in transit and you have a DK
signed message that can be wrapped in a new envelope and it will
verify as signed by Yahoo!.

If widely adopted, DK or something like it might go a long way
towards stopping phishing.  But the phisher can still register a
domain that looks like paypal.com, valued-paypal-customer.com, and
sign that himself and the naive user will still get sucked into the
fraud.

John Capo
Tuffmail.com

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email