[ietf-dkim] Re: Responsibility concerns with Designated
dotis at mail-abuse.org
Sat Aug 26 08:35:41 PDT 2006
On Sat, 2006-08-26 at 14:54 +0200, Frank Ellermann wrote:
> Stephen Farrell wrote:
> > But yet again, each form of delegation has its issues.
> Right, but those forms where the delegator can delegate
> without prior and explicit consent of the delegatee are
> beyond my no-nonsense limit. Ideally "explicit" should
> allow receivers to verify this.
> If an ISP uses a "we sign everything" strategy, and many
> customers belong to botnets, then a "bad actor" could
> register eboy (with an "O"), delegate eboy-signing to this
> ISP unilaterally, and phish using his zombies with accounts
> at this ISP. SSP shouldn't allow this by design.
A bad actor can register look-alike domains and added their own DKIM
signature sent through any number of providers. Designation does not
make this problem worse. With the entire email-address being
internationalized, a problem of visual recognition must be handled
through other strategies.
Imagine the MUA has several types of annotations added to messages with
DKIM's wonderful valid 2822.From address:
- In Address Book
- Matching Address/Signature Domains
- Certified by
Look-alikes might be handled by annotating messages with valid addresses
found in the address book. Adding this mechanism allows the MUA to
safely recognize correspondents, independently from the domain that was
used to sign the message and still avoid the look-alike issue.
There can be different annotations that indicate when the signing domain
and the email-address domain match. An organizing finding themselves
the subject of phish attacks should take this extra precaution. Perhaps
policy adds a certification vector as well.
Designations help the small outfit. Why deal with the negotiations and
specialized services? There can still be safe annotation. It might not
look as impressive as that seen with the bigger outfits.
More information about the ietf-dkim