[ietf-dkim] draft-ietf-dkim-threats-02 nit//Message replay impact rating

Douglas Otis <dotis@mail-abuse.org> Thu, 06 April 2006 19:27 UTC

4.1.  Attacks Against Message Signatures

...
    | Chosen message replay                       |   Low  |     M/H    |
    | Signed message replay                       |   Low  |    High    |

It is not clear how these two message replay exploits remain a low  
impact.  Obviously, just as with a compromised key, messages from a  
bad actor accrue to the exploited domain.  Neither a highly repeated  
signature nor From email-address are useful mechanisms for detecting  
these types of exploits.  Valid messages sent from various types of  
lists will exhibit the same characteristics as a message replay.  Key  
revocation, reputation, or accreditation will also be too slow to  
respond to these exploits.  If there is another explanation, then it  
should be added in the respective sections.


Change to:
    | Chosen message replay                       |   Low* |     M/H    |
    | Signed message replay                       |   Low* |    High    |

* The low impact assessment assumes the signing domain's accrual is  
not classified as a basis for acceptance.

-Doug