Re: [secdir] Secdir review of draft-kucherawy-fkim-atps
"Polk, William T." <william.polk@nist.gov> Tue, 03 January 2012 21:51 UTC
Return-Path: <william.polk@nist.gov>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE1E311E8107; Tue, 3 Jan 2012 13:51:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iGlKZjWEXRK0; Tue, 3 Jan 2012 13:51:57 -0800 (PST)
Received: from wsget2.nist.gov (wsget2.nist.gov [129.6.13.151]) by ietfa.amsl.com (Postfix) with ESMTP id F40F111E80AC; Tue, 3 Jan 2012 13:51:55 -0800 (PST)
Received: from WSXGHUB1.xchange.nist.gov (129.6.18.96) by wsget2.nist.gov (129.6.13.151) with Microsoft SMTP Server (TLS) id 14.1.355.2; Tue, 3 Jan 2012 16:51:39 -0500
Received: from MBCLUSTER.xchange.nist.gov ([fe80::d479:3188:aec0:cb66]) by WSXGHUB1.xchange.nist.gov ([129.6.18.96]) with mapi; Tue, 3 Jan 2012 16:51:55 -0500
From: "Polk, William T." <william.polk@nist.gov>
To: "draft-kucherawy-dkim-atps@tools.ietf.org" <draft-kucherawy-fkim-atps@tools.ietf.org>, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Date: Tue, 03 Jan 2012 16:51:50 -0500
Thread-Topic: Secdir review of draft-kucherawy-fkim-atps
Thread-Index: AczKYdAYCb8aZjENRPSoipvi0d41aQ==
Message-ID: <CB28E286.4857B%william.polk@nist.gov>
In-Reply-To: <CB28E0A2.48576%william.polk@nist.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.2.0.101115
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Subject: Re: [secdir] Secdir review of draft-kucherawy-fkim-atps
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jan 2012 21:51:58 -0000
[Sorry for the multiple emails, fat fingered the tools address!] On 1/3/12 4:43 PM, "Polk, William T." <william.polk@nist.gov> wrote: >I have reviewed this document as part of the security directorate's >ongoing effort to review all IETF documents being processed by the IESG. >These comments were written primarily for the benefit of the security area >directors. Document editors and WG chairs should treat these comments >just like any other last call comments. > >This draft specifies a suite of mechanisms for "authorized" third party >DKIM signatures. The suite of mechanisms includes: >(1) DNS TXT records advertising that a third party has been authorized to >apply DKIM signatures on behalf of the Administrative Mail Domain (ADMD); >(2) a pair of DKIM signature tags to specify (a) the domain of the ADMD on >whose behalf the signature was generated and (b) the selected hash >algorithm; and >(3) an algorithm for determining whether a third party signature should be >considered equivalent to a signature applied by the ADMD. > >Since the working group did not have consensus that such a mechanism was >required, this document is intended for publication as an experimental >RFC. > >In my opinion, this document is appropriate and ready for publication as >an Experimental RFC. I found it a nice straightforward read. (Thanks!) >There are two issues that I would like to raise for discussion, though. > >First, Section 4.3 states: > > "Note that the algorithm uses hashing, but this is not a security >mechanism. See Section 9.2 for discussion." > >However, Section 9.1 begins with: > > "The selection of the hash algorithm to be used (see Section 4.1) has >security implications, as weaker algorithms have more risk of collision >..." > >This seems to be a contradiction of sorts! If it has security >implications, isn't it a security mechanism? The author should give some >thought to the properties they expect from the hash in this situation and >revise either 4.3 or 9.1. > >Secondly, the more interesting issue (at least to me) is in Section 4.4. >If an error is returned from the ATPS Query, the document states that the >Verifier SHOULD stop processing and defer the message for later >processing. This establishes an obvious denial of service vector, but >that may be an acceptable tradeoff in some environments. A feature, as it >were. > >However, DKIM "deliberately makes no binding between the DNS domain of the >signer and any other identity found in the message" (Section 1). I can >envision environment where the message would be accepted by the Verifier, >even without the ATPS signature tag. In this case, we are deferring an >acceptable message because additional information *might* be available. > >That seems odd to me. Is there any reason a ATPS aware verifier couldn't >process the message and either (a) accept or (b) defer until the ATPS >query succeeds? > >At a minimum, I think a brief addition to the security considerations is >in order... > >Thanks, > >Tim Polk > > > > >
- [secdir] Secdir review of draft-kucherawy-fkim-at… Polk, William T.
- Re: [secdir] Secdir review of draft-kucherawy-fki… Polk, William T.