[ietf-dkim] Policy decision tree outcomes
Hallam-Baker, Phillip
pbaker at verisign.com
Wed Nov 15 06:20:16 PST 2006
> From: ietf-dkim-bounces at mipassoc.org
> [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Charles Lindsey
> Sent: Wednesday, November 15, 2006 6:43 AM
> To: DKIM
> Subject: Re: [ietf-dkim] Policy decision tree outcomes
>
> On Tue, 14 Nov 2006 16:57:28 -0000, Hallam-Baker, Phillip
> <pbaker at verisign.com> wrote:
>
> >> From: ietf-dkim-bounces at mipassoc.org
> >> [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Charles Lindsey
>
> >> AXIOM-2 denied.
> >>
> >> If it finds a satisfactory authentication from a signer with an
> >> appalling reputation, it should be _very_ suspicious.
>
> > In fact if the sender has a bad reputation I will not even bother to
> > verify the signature let alone the policy. I will return to this when
> > proposing a processing algorithm for my policy mechanism.
>
> The appalling reputations I have in mind are when the signer
> is a known spammer who tries to dupe people by providing a
> valid signature which has no value. Oddly, in this case, it
> would have marginally more value if verification failed.
This is an authorization decision, not an authentication decision.
If something purports to come from a sender with bad reputation it is going in the bit bucket whether or not it is authentic.
> >> > LEMMA-2: There is no value in distinguishing between any of the cases
> >> > A, B, C, D
> >> >
> >>
> >> > AXIOM-4: There is no value in distinguishing between states that
> >> > can be reached by an attacker.
> >>
> >> AXIOM-4 Denied.
> >>
> >> Attackers can easily do bad things before the message is submitted to
> >> the MSA.
> >>
> >> It is much harder to attack a message once it has left its
> >> originating MUA. You either need to have accomplices inside the ISP,
> >> or to be able to hack into it, or to have discovered a weakness in
> >> its procedures, ... .
> >> This limits the states that attackers can easily reach, and
> >> verifiers are quite entitled to attribute more suspicion to the
> >> easier states.
> >
> > OK: correction no point in distinguishing between states that are
> > reachable with equal degree of difficulty.
> >
> But there may well be value in distinguishing the likelihood
> of some state being reached accidentally rather than
> deliberately. So you might conclude that C1 was more (or
> maybe less) likely than C2, according to your experience of
> how well genuine signatures survive on the real net. So if
> you are using spamassassin and applying a given score to a
> missing signature (case A) you might apply a different score
> to a failed signature (case B) and a different score again to
> an unacceptable signature (case D). And the score would in
> all cases be adjusted according to the SSP reported by the signer.
You can do that for a static analysis but it isn't going to work if the spammers adapt.
The point I was making here is that a spammer can create fake signatures of type A, B, C with roughly the same difficulty.
If we show that the corresponding 'legitimate' state is unlikely we can conclude that a message with that phenomenon is definitely a fake.
State A1 is the current norm, most messages have no signature. So A1 is likely.
State B1 occurs as the norm when a new signature algorithm is introduced, so B1 is likely.
State C1 currently occurs due to crappy intermediaries. So C1 is currently likely but we can argue that over time the probability might change.
State D1 is certain to occur during a transition from a broken signature algorithm. People still use DES.
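The verifier-side logic the two posters are arguing about, written out as an added example that is not code from the thread or from any DKIM implementation: a message is first gated on sender reputation (Hallam-Baker's "not even bother to verify"), then mapped to one of the decision-tree cases A to D, and the case's score is adjusted by the signer's published SSP (Lindsey's spamassassin scheme). The algorithm sets, the case definitions for B and C, the SSP policy names and all scores are assumptions chosen to illustrate the distinction, not values from the page.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional

class Case(Enum):
    A = "no signature"
    B = "signature cannot be verified"            # assumed: unsupported algorithm
    C = "signature fails verification"            # assumed: broken in transit
    D = "signature verifies but is unacceptable"  # assumed: deprecated algorithm

# Assumed algorithm sets: SUPPORTED separates B from C, ACCEPTABLE separates D from good.
SUPPORTED = {"rsa-sha1", "rsa-sha256"}
ACCEPTABLE = {"rsa-sha256"}

@dataclass
class Signature:
    algorithm: str

def classify(sig: Optional[Signature], verify: Callable[[Signature], bool]) -> Optional[Case]:
    """Map a message's signature (or lack of one) to a decision-tree case; None means good."""
    if sig is None:
        return Case.A
    if sig.algorithm not in SUPPORTED:
        return Case.B          # cannot even attempt verification
    if not verify(sig):
        return Case.C          # cryptographic check ran and failed
    if sig.algorithm not in ACCEPTABLE:
        return Case.D          # valid, but with an algorithm we no longer trust
    return None

# Constructed base scores per case, spamassassin style (higher = more suspicious).
BASE = {None: 0.0, Case.A: 1.0, Case.B: 1.0, Case.C: 2.0, Case.D: 1.5}

def score(sig: Optional[Signature], verify: Callable[[Signature], bool],
          ssp: str, reputation: str) -> Optional[float]:
    """Return a spam score, or None when the message goes to the bit bucket unverified."""
    # Authorization before authentication: a bad-reputation sender is discarded outright,
    # so the (possibly expensive) signature verification never runs.
    if reputation == "bad":
        return None
    case = classify(sig, verify)
    s = BASE[case]
    # SSP adjustment (assumed policy names): a signer that claims to sign everything makes
    # a missing or broken signature much more suspicious; one that signs nothing makes
    # case A the expected norm.
    if ssp == "all" and case in (Case.A, Case.C):
        s += 2.0
    elif ssp == "none" and case is Case.A:
        s = 0.0
    return s
```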