[ietf-dkim] New Issue: 4.2 needs new Attack Item: InconsistentSignature vs Policy Attacks

Bill.Oxley at cox.com Bill.Oxley at cox.com
Tue Jan 31 09:36:45 PST 2006


The hacker does not need access to my zone, he just attaches a lookalike
header. Yes, "And to have *any* rule that allows bypass of defense
based upon the receipt of a header from outside your control is
extremely dangerous." But folks will do it anyway.

Bill Oxley 
Messaging Engineer 
Cox Communications, Inc. 
Alpharetta GA 
404-847-6397 
bill.oxley at cox.com 


-----Original Message-----
From: Michael Thomas [mailto:mike at mtcc.com] 
Sent: Tuesday, January 31, 2006 12:08 PM
To: Oxley, Bill (CCI-Atlanta)
Cc: fenton at cisco.com; hsantos at santronics.com; ietf-dkim at mipassoc.org
Subject: Re: [ietf-dkim] New Issue: 4.2 needs new Attack Item:
InconsistentSignature vs Policy Attacks

Bill.Oxley at cox.com wrote:
> If I do not publish any key records and a bad actor whips up an email
> purported to be from me with a fake signature attached, a non-DKIM-
> compliant MTA may have a rule that states "signed messages are
> probably okay" that might bypass some spam checking software. Before DKIM is
> fully adopted/deployed expect to see this happen,

Unless the attacker also has access to your zone, they won't
be able to insert their key into it, and thus the signature will
never verify. And to have *any* rule that allows bypass of defense
based upon the receipt of a header from outside your control is
extremely dangerous. It would be nothing better than a 
security-through-obscurity backdoor.

		Mike
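As an added example (not from the thread or either author's code), the two rules in this exchange side by side in Python: the "signed messages are probably okay" rule that a lookalike header satisfies, beside the steps a verifier performs before any trust, namely fetching the selector key from the signer's zone and recomputing the body hash. The key table, selector names and sample message are constructed; the RSA check of the b= value is left out because it needs a real key.

```python
import base64
import hashlib
import re

# Constructed stand-in for DNS: TXT records at <selector>._domainkey.<domain>.
# Only presence matters here (assumption); a real record carries the public key.
PUBLISHED_KEYS = {
    "sel1._domainkey.example.com": "v=DKIM1; k=rsa; p=CONSTRUCTED-PLACEHOLDER",
}

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs; folding whitespace is ignored."""
    tags = {}
    for part in value.split(";"):
        if part.strip():
            name, _, val = part.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def simple_body_hash(body):
    """bh= under 'simple' canonicalization: CRLF endings, trailing empty lines dropped."""
    canon = body.replace("\r\n", "\n").replace("\n", "\r\n").rstrip("\r\n") + "\r\n"
    return base64.b64encode(hashlib.sha256(canon.encode()).digest()).decode()

def weak_rule(headers):
    """The rule Bill describes: a DKIM-Signature header present means 'probably okay'."""
    return "DKIM-Signature" in headers

def precheck_signature(headers, body, zone=PUBLISHED_KEYS):
    """Mike's point: no trust until a key from the signer's own zone checks out. Returns a
    PERMFAIL reason (DKIM base spec wording) or None to proceed to the RSA check of b=
    (omitted here: stdlib only)."""
    sig = headers.get("DKIM-Signature")
    if sig is None:
        return "no signature"
    tags = parse_tags(sig)
    if any(t not in tags for t in ("v", "a", "d", "s", "bh", "b")):
        return "permfail (signature missing required tag)"
    if zone.get("%s._domainkey.%s" % (tags["s"], tags["d"].lower())) is None:
        return "permfail (no key for signature)"
    if tags["bh"] != simple_body_hash(body):
        return "permfail (body hash did not verify)"
    return None

# Constructed sample: a message that only looks signed; example.com publishes no 'nokey' selector.
FORGED_HEADERS = {
    "DKIM-Signature": "v=1; a=rsa-sha256; d=example.com; s=nokey; c=simple/simple;\r\n\tbh=AAAA; b=AAAA",
}
FORGED_BODY = "hello\n"
```

The weak rule accepts the constructed message outright, while the verifier stops at the key lookup and never reaches the signature bytes.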
