draft-ietf-dkim-threats-02 nit//Affects verification of messages?
Douglas Otis <dotis@mail-abuse.org> Thu, 06 April 2006 19:02 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FRZke-00056R-Ei; Thu, 06 Apr 2006 15:02:40 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FRZkd-00056M-JF for ietf@ietf.org; Thu, 06 Apr 2006 15:02:39 -0400
Received: from a.mail.sonic.net ([64.142.16.245]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FRZkc-0003Ob-8o for ietf@ietf.org; Thu, 06 Apr 2006 15:02:39 -0400
Received: from [168.61.10.151] (SJC-Office-DHCP-151.Mail-Abuse.ORG [168.61.10.151]) (authenticated bits=0) by a.mail.sonic.net (8.13.6/8.13.3) with ESMTP id k36J2GBA016181 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NO) for <ietf@ietf.org>; Thu, 6 Apr 2006 12:02:37 -0700
Mime-Version: 1.0 (Apple Message framework v749.3)
Content-Transfer-Encoding: 7bit
Message-Id: <9DB1AE2D-D2FE-46E8-A66B-1B8B9C34AFE8@mail-abuse.org>
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
To: IETF Discussion <ietf@ietf.org>
From: Douglas Otis <dotis@mail-abuse.org>
Date: Thu, 06 Apr 2006 12:02:58 -0700
X-Mailer: Apple Mail (2.749.3)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 50a516d93fd399dc60588708fd9a3002
Subject: draft-ietf-dkim-threats-02 nit//Affects verification of messages?
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Errors-To: ietf-bounces@ietf.org
,---- |1.2. Document Structure |... | | The sections dealing with attacks on DKIM each begin with a table | summarizing the postulated attacks in each category along with their | expected impact and likelihood. The following definitions were used | as rough criteria for scoring the attacks: | | Impact: | | High: Affects the verification of messages from an entire domain or | multiple domains '____ It is not clear what is meant by "affects verification of messages." The verification process depends only upon the integrity of the network infrastructure. The threat document should consider the impact upon the classification of a domain's messages. Even when a private key is compromised, the verification process still passes valid messages. The threat review indicates a compromised key as causing a high impact. One could conclude this impact results when messages from a bad actor accrue to the exploited domain. The introduction offers these possible uses of DKIM. ,---- | Once the attesting party or parties have been established, the | recipient may evaluate the message in the context of additional | information such as locally-maintained whitelists, shared reputation | services, and/or third-party accreditation. '____ A threat document should consider how an exploit might affect these uses of DKIM. Change: "Affects the verification of messages..." to "Affects the classification of messages..." -Doug _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- draft-ietf-dkim-threats-02 nit//Affects verificat… Douglas Otis