[ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?

Scott Kitterman ietf-dkim at kitterman.com
Mon Aug 22 11:02:56 PDT 2005


Douglas Otis wrote:
> 
> On Aug 22, 2005, at 8:35 AM, Scott Kitterman wrote:
> 
>> To summarize, you think that SSP is dangerous, won't do what its
>> proponents claim, and can't be fixed.  Thus SSP and its ilk
>> shouldn't be dealt with by the working group.  You believe that there
>> are other, better ways to solve whatever problem it is that you are
>> trying to solve.
>>
>> I, and I believe others, think that SSP is essential and that while
>> DKIM signatures alone may have some value, the marginal utility for
>> DKIM absent some expression of sender policy is low.
> 
> I don't think this adequately restates my view.  For example, the draft
> for the CSA record provides for domain-wide assertions that demand
> outbound servers within the domain must have a CSA record.  This assertion
> is not tied to a mailbox-address; nevertheless the assertion provides
> actionable value.
> 
> http://www.mipassoc.org/csv/draft-ietf-marid-csv-csa-02.html

Thanks for the clarification.  I certainly didn't mean to misstate your 
views.  So to narrow my previous attempt at a summary, you think that 
domain-wide assertions cannot be accurately made for mail addresses, but 
that they can be for HELO/EHLO?  If that's right, do you believe it to be 
true for the domain part of an address or just out of bounds for the 
entire address (domain and localpart)?

> The same type of domain-wide assertion, in the same manner, would be
> possible without imposing a requirement that the signature be bound to
> a header.  A new domain-wide assertion (even perhaps by a CSA record)
> could be that any domain's signature is demanded within this domain.
> The CSA assertion could also indicate signatures by the domain itself
> are demanded within this domain.

OK.  I don't understand.  Are you saying that you think a domain might 
successfully assert that if HELO/EHLO is from within the domain then all 
mail must be signed by the domain?  If so, such an approach would seem 
to provide an assurance exactly when it isn't needed.

> HELO verification could be considered a weaker form of DKIM
> verification, but which cannot be securely carried forward within the
> message.  HELO verification, in addition to being able to mitigate
> subsequent lookups for domain-wide assertions, also provides a
> significant level of DoS resistance not available with a signature.
> HELO verification by a CSA record could also mitigate a need to do DKIM
> revocation checks.

Yes.  And there are other, much more widely deployed, methods for doing 
HELO verification, but that's certainly off-topic for a DKIM list, so I 
won't go there.

> The difference of opinion is really whether there is value binding
> domain-wide assertions to mailbox-addresses.  This binding of
> mailbox-addresses would be of little use once an "accountable domain" is
> available and can be seen by recipients, or used with manual filtering
> rules.  Attempts to bind signatures through domain-wide assertions with
> mailbox-addresses will create unintended administrative issues sure to
> stifle DKIM acceptance, rather than acting as motivation.

So, would it be fair to say that your position is that there is no way 
to reliably bind a DKIM signature to currently displayed mail addresses 
and so DKIM can be used for nothing but filtering and post-facto 
reporting until MUAs are upgraded to display the signed (accountable) 
domain?  And that it will be up to users to determine the relationship 
between the signing domain and the e-mail addresses and evaluate the 
legitimacy of the message?

Scott Kitterman
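The closing question above is whether a verifier can relate the domain that signed a message (the "accountable domain", the d= tag of the DKIM-Signature header) to the mailbox address the MUA actually displays in From:.  The following is an added example, not code from the thread or from any DKIM implementation: it extracts both domains from a message and classifies their relationship.  It assumes the signature has already been cryptographically verified (that step is out of scope here), the relationship labels are this example's own rather than terms from the DKIM or SSP drafts, and the sample messages are constructed for the example.

```python
"""Added example: relate a DKIM signing domain (d=) to the From: address domain.

Assumptions (not from the original thread):
  * the DKIM signature is taken as already verified; only the d= tag is read
  * the relationship labels returned by relation() are this example's own
  * the SAMPLE_* messages are constructed test data, not real mail
"""

import email
from email import policy
from email.utils import parseaddr

# Constructed sample messages.  The b= and bh= values are placeholders, since
# cryptographic verification is assumed to have happened elsewhere.
SAMPLE_SAME = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel;
 h=from:to:subject; bh=ZmFrZQ==; b=ZmFrZXNpZw==
From: Alice <alice@example.com>
To: bob@example.net
Subject: same-domain signature

body
"""

SAMPLE_THIRD_PARTY = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bulk-sender.example;
 s=sel; h=from:to:subject; bh=ZmFrZQ==; b=ZmFrZXNpZw==
From: "Payroll" <payroll@bank.example>
To: bob@example.net
Subject: signed by an unrelated domain

body
"""

SAMPLE_UNSIGNED = """\
From: carol@example.org
To: bob@example.net
Subject: no signature at all

body
"""


def signing_domain(msg):
    """Return the lowercased d= tag of the first DKIM-Signature header, or None."""
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return None
    # DKIM headers are ';'-separated tag=value pairs; folding whitespace may
    # survive in the raw value, so strip line breaks before splitting.
    for tag in str(sig).replace("\r\n", "").replace("\n", "").split(";"):
        name, _, value = tag.strip().partition("=")
        if name.strip() == "d":
            return value.strip().lower() or None
    return None


def from_domain(msg):
    """Return the lowercased domain part of the first From: mailbox, or None."""
    addr = parseaddr(msg.get("From", ""))[1]
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def relation(signer, author):
    """Classify how the signing domain relates to the From: domain.

    Labels are illustrative (this example's own), ordered from the case a
    recipient can act on most directly to the case where the signature says
    nothing about the displayed address.
    """
    if signer is None:
        return "unsigned"
    if author is None:
        return "no-author-domain"
    if signer == author:
        return "same-domain"
    if author.endswith("." + signer):
        return "author-subdomain-of-signer"
    if signer.endswith("." + author):
        return "signer-subdomain-of-author"
    return "unrelated"


def accountable_domain_report(raw):
    """Parse a raw RFC 5322 message and report signer, author domain and relation."""
    msg = email.message_from_string(raw, policy=policy.default)
    signer = signing_domain(msg)
    author = from_domain(msg)
    return {"signing_domain": signer, "from_domain": author,
            "relation": relation(signer, author)}


if __name__ == "__main__":
    for name, raw in (("same", SAMPLE_SAME), ("third-party", SAMPLE_THIRD_PARTY),
                      ("unsigned", SAMPLE_UNSIGNED)):
        print(name, accountable_domain_report(raw))
```

The "unrelated" outcome is the case the thread is arguing about: the signature is valid and names an accountable domain, but nothing in DKIM itself ties that domain to the address the user sees, so a verifier either needs a policy record to consult or an MUA that displays the signing domain alongside From:.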

