[ietf-dkim] draft-ietf-dkim-threats-03
Douglas Otis <dotis@mail-abuse.org> Wed, 31 May 2006 17:54 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FlUuJ-0003x5-HB for ietf-dkim-archive@lists.ietf.org; Wed, 31 May 2006 13:54:59 -0400
Received: from sb7.songbird.com ([208.184.79.137]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FlUrA-0005JK-TN for ietf-dkim-archive@lists.ietf.org; Wed, 31 May 2006 13:51:46 -0400
Received: from sb7.songbird.com (sb7.songbird.com [127.0.0.1]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id k4VHnqtS031124; Wed, 31 May 2006 10:49:54 -0700
Received: from a.mail.sonic.net (a.mail.sonic.net [64.142.16.245]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id k4VHnatD031095 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-dkim@mipassoc.org>; Wed, 31 May 2006 10:49:40 -0700
Received: from [10.2.164.130] (SJC-Office-NAT-218.Mail-Abuse.ORG [168.61.10.218]) (authenticated bits=0) by a.mail.sonic.net (8.13.6/8.13.3) with ESMTP id k4VHn2aR005743 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NO) for <ietf-dkim@mipassoc.org>; Wed, 31 May 2006 10:49:02 -0700
Mime-Version: 1.0 (Apple Message framework v750)
Content-Transfer-Encoding: 7bit
Message-Id: <B801493E-E850-4F2C-A065-5569A8043DFC@mail-abuse.org>
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
To: IETF-DKIM <ietf-dkim@mipassoc.org>
From: Douglas Otis <dotis@mail-abuse.org>
Date: Wed, 31 May 2006 10:48:58 -0700
X-Mailer: Apple Mail (2.750)
X-Songbird: Clean, Clean
Subject: [ietf-dkim] draft-ietf-dkim-threats-03
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Sender: ietf-dkim-bounces@mipassoc.org
Errors-To: ietf-dkim-bounces@mipassoc.org
X-SongbirdInformation: support@songbird.com for more information
X-Songbird-From: ietf-dkim-bounces@mipassoc.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b7b9551d71acde901886cc48bfc088a6
The changes made to the 03 document are an improvement over the 02 document. There were outstanding issues excluded such as the introductory sentence that Jim and Eric had also raised. The impression made at the Dallas meeting was the introduction used in the Base draft. Adopting the introduction of the current base draft provides a clearer statement of the DKIM mechanism. Linking to an email-address is an optional extension of the DKIM mechanism. http://mipassoc.org/pipermail/ietf-dkim/2006q2/003077.html ---- "Affects the verification" remains a serious error. For example, a compromised key does _not_ affect message verification, although a compromised key is listed as having a high impact. http://mipassoc.org/pipermail/ietf-dkim/2006q2/003078.html ---- There are packet amplifications considerations still not mentioned in the threat draft, such as techniques suggested on the the mailing list where wildcard keys might be used to facilitate message or user level revocation. Other potentially hazardous techniques include label tree searches for parent policy records over a series of email- addresses. Currently DKIM offers no technique to limit the number of verifications attempted per message, or the requisite number of DNS transactions. The statement "a DNS-based solution to this problem will likely be required" suggests little appreciation of DKIM's possible contribution to the packet amplification problem and the limited solutions available. http://mipassoc.org/pipermail/ietf-dkim/2006q2/003076.html ---- It is still impractical to differentiate between a compromised key and a replay problem from the perspective of message verification when attempting to block abuse. Such blocking can cause a major impact however. The threat draft makes an assumption that only the email-address is affected, but this implies that a limited number of email-addresses are affected, and that the signing-domain also restricts use of email-addresses. These two assumption are not valid for a large population of signing domains. The verification process offers no clue as to what is abusive replay or what is generated from a compromised key. "Affects verification" is an nonsensical basis for assessing impact. http://mipassoc.org/pipermail/ietf-dkim/2006q2/003075.html ---- An abrupt algorithm change without a dual signature transition invites algorithm spoofing classified as an "unknown" algorithm. Dealing with a worst-case scenario requires that verifiers avoid weaker algorithms when detecting a signature offering a superior algorithm had been removed. This could be accomplished by specifying a signature referencing a key with a deprecation flag must be companied by a signature referencing a key without this flag, for example. Making this situation worse, there is no assured means to verify whether a future key h= and k= parameters conform to a signature a= parameter. Lack of specificity for future algorithm formats permits an algorithm spoof exploit. This specification deficiency will be disruptive. An abrupt transition provides the same status for valid messages as those spoofing algorithms. This threat remains an open issue in both the threat as well as the base document. Eliminating this threat requires only minimal specification change without altering the appearance of the present keys or signatures. http://mipassoc.org/pipermail/ietf-dkim/2006q2/003074.html ---- -Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
- [ietf-dkim] draft-ietf-dkim-threats-03 Douglas Otis