[ietf-dkim] New Issue: 4.2 needs new Attack Item:
InconsistentSignature vs Policy Attacks
Bill.Oxley at cox.com
Tue Jan 31 08:30:41 PST 2006
> Direct attacks would be bad actor attempts to exploit compliant DKIM/SSP
> systems. Indirect attacks would be bad actors' attempts to exploit
> non-compliant DKIM/SSP and rely on "social engineering" exploits. With
> indirect attacks, bad actors will not emphasize protocol correctness.
>
> These attacks can be detected if the SSP is checked against the domain
> whether the message is signed or not. This will lower the risk, the
> uncertainty of bad attack exploits and hence, lower the impact of these
> highly probable attacks.
>
> Sorry, I'm not following this either. It seems the threat has to do
> with receipt of signed messages when none should be expected. But isn't
> this addressed simply by not publishing any key records?
If I do not publish any key records and a bad actor whips up an email
purporting to be from me with a fake signature attached, a non-DKIM-compliant
MTA may have a rule that states "signed messages are probably okay", which
might bypass some spam-checking software. Before DKIM is fully
adopted/deployed, expect to see this happen.
Thanks,
Bill Oxley
Messaging Engineer
Cox Communications, Inc.
Alpharetta GA
404-847-6397
bill.oxley at cox.com
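As an added illustration of the point made in this thread (not code from the list or from any DKIM implementation): a filter that treats the mere presence of a DKIM-Signature header as "probably okay" accepts a forged signature, whereas a receiver that looks up the signer's published key record and consults the sender domain's policy catches both the forged signature and the unsigned message from a domain that claims to sign everything. The DNS zone, the domain `sender.example`, and the `_ssp._domainkey` record name and `dkim=all` value are assumed for the example; the RSA verification that follows a successful key lookup is deliberately omitted.

```python
import re

# Constructed DNS zone for the example. Only sel1 publishes a key;
# the policy record is an assumed SSP-style "all mail is signed" statement.
DNS = {
    "sel1._domainkey.sender.example": "v=DKIM1; k=rsa; p=<constructed-key>",
    "_ssp._domainkey.sender.example": "dkim=all",
}


def parse_tags(header):
    """Parse DKIM 'tag=value; tag=value' syntax into a dict."""
    tags = {}
    for part in header.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def naive_disposition(msg):
    """The flawed rule quoted in the thread: a signature header means 'okay'."""
    return "allow" if "DKIM-Signature" in msg else "scan"


def policy_disposition(msg, dns=DNS):
    """Check the signature against published keys, and policy when unsigned."""
    from_domain = re.search(r"@([\w.-]+)", msg["From"]).group(1).lower()
    sig = msg.get("DKIM-Signature")
    if sig:
        tags = parse_tags(sig)
        record = f"{tags.get('s', '')}._domainkey.{tags.get('d', '')}".lower()
        if record not in dns:
            return "reject"            # signer publishes no such key: forged
        return "verify-signature"      # hand off to cryptographic verification
    policy = dns.get(f"_ssp._domainkey.{from_domain}")
    if policy == "dkim=all":
        return "suspicious"            # domain says it signs everything
    return "scan"                      # no signature, no policy: normal filtering


# Constructed sample messages (header name -> value).
FORGED = {"From": "bill@sender.example",
          "DKIM-Signature": "v=1; a=rsa-sha256; d=sender.example; s=bogus; b=AAAA"}
UNSIGNED = {"From": "bill@sender.example"}
GENUINE = {"From": "bill@sender.example",
           "DKIM-Signature": "v=1; a=rsa-sha256; d=sender.example; s=sel1; b=BBBB"}
```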