[ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?

Jim Fenton fenton at cisco.com
Fri Aug 26 15:12:03 PDT 2005


Earl Hood wrote:

>On August 25, 2005 at 09:22, Jim Fenton wrote:
>
>>The intent of
>>restricting third-party signatures is to prevent messages signed by
>>mailing lists and the like (and particularly by attackers posing as
>>such) from being considered verified if there isn't also a valid OA
>>signature.
>
>Exactly.  This is why third-party signing should never be enabled.
>As DKIM is defined now, no OA should ever enable 3rd-party signing.
>
This means that any message that is modified in transit, such as those 
that pass through this mailing list, would never be considered valid.  
Some domains are more concerned with making sure their message gets 
through than with the possibility that a third-party signature might be 
exploited.

>>>>For those where this would matter, then
>>>>making the assertion should be required.
>>>
>>>You are assuming that a domain owner is aware of DKIM.  When DKIM is
>>>deployed, you cannot require all domain owners to set up SSP records
>>>immediately.
>>
>>I'm confused about who's saying what, apparently.  I thought you (Earl)
>>were advocating a default SSP of "I don't sign anything" which would
>>require the SSP to be set up at the same time as the selectors.
>
>My statement refers to the default assumption made in the SSP draft
>about a non-existent SSP record.  The draft states,
>
>  If the Sender Signing Policy record does not exist, verifier systems
>  MUST assume that some messages from this entity are not signed and
>  the message SHOULD NOT be considered to be Suspicious.
>
>Nothing is said about a valid (non-OA) signature when no SSP record
>exists.
>
When the OA isn't signing everything, I don't understand how policy that 
relates to how others apply third-party signatures to those messages is 
useful.

>Earlier in the draft,
>
>  Verifiers checking messages that do not have at least one valid
>  signature MUST perform a Sender Signing Policy Check by doing a
>  DNS query to the domain specified by the Originator Address.
>
>Should it state, "do not have at least one valid *OA-based*
>signature..."?  Otherwise, if the only signature is a valid third-party
>signature, no SSP check is required.
>
I agree.  That looks like a bug in the spec.  An OA-based signature is 
required to bypass the SPC.

-Jim
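The gap Earl points out above can be made concrete with a small model of the verifier's decision. The following is an added illustration, not code from this thread or from the DKIM/SSP drafts: the policy record is reduced to two booleans (a stand-in for the draft's real record syntax), the domains (`bank.example`, `list.example`, `unknown.example`) and the in-memory DNS lookup are constructed, and `verify()` takes a flag selecting either the draft's literal wording ("at least one valid signature" skips the SSP check) or the proposed "OA-based" wording. With a message whose originator signature broke in transit and which carries only a valid mailing-list signature, the literal wording skips the policy check entirely, while the OA-based wording runs it and flags the message.

```python
"""Toy model of a DKIM verifier's Sender Signing Policy (SSP) decision.

Constructed illustration for this thread; not the drafts' code or record
syntax. SSPRecord is a simplified stand-in for a real policy record.
"""

from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Signature:
    domain: str   # domain that applied the signature (the d= value)
    valid: bool   # result of cryptographic verification


@dataclass
class Message:
    originator_domain: str                      # domain of the Originator Address (OA)
    signatures: List[Signature] = field(default_factory=list)


@dataclass
class SSPRecord:
    signs_all: bool           # domain asserts that all its mail is signed
    allows_third_party: bool  # domain accepts third-party signatures


NOT_SUSPICIOUS = "not suspicious"
SUSPICIOUS = "suspicious"
VERIFIED_NO_SSP_CHECK = "verified (SSP check skipped)"


def valid_oa_signature(msg: Message) -> bool:
    """True if a valid signature was applied by the originator's own domain."""
    return any(s.valid and s.domain.lower() == msg.originator_domain.lower()
               for s in msg.signatures)


def any_valid_signature(msg: Message) -> bool:
    """True if any signature, first- or third-party, verifies."""
    return any(s.valid for s in msg.signatures)


def ssp_check(msg: Message, lookup: Callable[[str], Optional[SSPRecord]]) -> str:
    """The Sender Signing Policy Check: consult the OA domain's policy."""
    record = lookup(msg.originator_domain)
    if record is None:
        # Draft text quoted in the thread: no record means some mail from this
        # entity is unsigned, so the message is not treated as Suspicious.
        return NOT_SUSPICIOUS
    if record.signs_all and not valid_oa_signature(msg):
        # Policy promises an OA signature on everything; none survived.
        return SUSPICIOUS
    if (not record.allows_third_party and any_valid_signature(msg)
            and not valid_oa_signature(msg)):
        # Only a third-party signature is present and the domain disallows them.
        return SUSPICIOUS
    return NOT_SUSPICIOUS


def verify(msg: Message, lookup: Callable[[str], Optional[SSPRecord]],
           require_oa_signature: bool) -> str:
    """require_oa_signature=False models the draft's literal wording
    ("at least one valid signature" bypasses the SSP check);
    True models the proposed "at least one valid OA-based signature"."""
    bypass = valid_oa_signature(msg) if require_oa_signature else any_valid_signature(msg)
    if bypass:
        return VERIFIED_NO_SSP_CHECK
    return ssp_check(msg, lookup)


# Constructed stand-in for the DNS policy lookup.
POLICIES: Dict[str, SSPRecord] = {
    "bank.example": SSPRecord(signs_all=True, allows_third_party=False),
    "blog.example": SSPRecord(signs_all=False, allows_third_party=True),
}


def lookup(domain: str) -> Optional[SSPRecord]:
    return POLICIES.get(domain.lower())


def demo() -> Dict[str, str]:
    # OA signature broken by a list's modifications; the list's own signature verifies.
    relayed = Message("bank.example", [Signature("bank.example", valid=False),
                                       Signature("list.example", valid=True)])
    return {
        "literal_draft": verify(relayed, lookup, require_oa_signature=False),
        "oa_required": verify(relayed, lookup, require_oa_signature=True),
        "no_record": verify(Message("unknown.example", []), lookup, require_oa_signature=True),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The `no_record` case reproduces the draft's default for a domain with no SSP record: the message is simply not Suspicious, which is the default assumption Earl's message is referring to.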
