[ietf-dkim] DKIM SSP: Security vulnerability when SSP record
does not exist?
ietf-dkim at kitterman.com
Mon Aug 22 11:02:56 PDT 2005
Douglas Otis wrote:
> On Aug 22, 2005, at 8:35 AM, Scott Kitterman wrote:
>> To summarize, you think that SSP is dangerous, won't do what it's
>> proponents claim, and can't be fixed. Thus SSP and it's ilk
>> shouldn't be dealt with by the working group. You believe that there
>> are other, better ways to solve whatever problem it is that you are
>> trying to solve.
>> I, and I believe others, think that SSP is essential and that while
>> DKIM signatures alone may have some value, the marginal utility for
>> DKIM absent some expression of sender policy is low.
> I don't think this adequately restates my view. For example, the draft
> for the CSA record provides for domain-wide assertions that demand out
> bound servers within the domain must have a CSA record. This assertion
> is not tied to a mailbox-address, nevertheless the assertion provides
> actionable value.
Thanks for the clarification. I certainly didn't mean to mis-state your
views. So to narrow my previous attempt at a summary, you think that
domain-wide assertions cannot be accurately made for mail addresses, but
that it can for HELO/EHLO? If that's right, do you believe it to be
true for the domain part of an address or just out of bounds for the
entire address (domain and localpart)?
> The same type of domain-wide assertion, in the same manner, would be
> possible without imposing a requirement that the signature be bound to
> a header. A new domain-wide assertion (even perhaps by a CSA record)
> could be that any domain's signature is demanded within this domain.
> The CSA assertion could also indicate signatures by the domain itself
> are demanded within this domain.
OK. I don't understand. Are you saying that you think a domain might
successfully assert that if HELO/EHLO is from within the domain then all
mail must be signed by the domain? If so, such an approach would seem
to provide an assurance exactly when it isn't needed.
> HELO verification could be considered a weaker form of DKIM
> verification, but which can not be securely carried forward within the
> message. HELO verification, in addition to being able to mitigate
> subsequent lookups for domain-wide assertions, also provides a
> significant level of DoS resistance not available with a signature.
> HELO verification by a CSA record could also mitigate a need to do DKIM
> revocation checks.
Yes. And there are other, much more widely deployed, methods for doing
HELO verification, but that's certainly off-topic for a DKIM list, so I
won't go there.
> The difference of opinion is really whether there is value binding
> domain-wide assertions to mailbox-addresses. This binding of mailbox-
> addresses would be of little use once an "accountable domain" is
> available and can be seen by recipients, or used with manual filtering
> rules. Attempts to bind signatures through domain-wide assertions with
> mailbox-addresses will create unintended administrative issues sure to
> stifle DKIM acceptance, rather than acting as motivation.
So, would it be fair to say that your position is that there is no way
to reliably bind a DKIM signature to currently displayed mail addresses
and so DKIM can be used for nothing but filtering and post-facto
reporting until MUAs are upgraded to display the signed (accountable)
domain? And that it will be up to users to determine the relationship
between the signing domain and the e-mail addresses and evaluate the
legitimacy of the message?
More information about the ietf-dkim