[ietf-dkim] Re: I think we can punt the hard stuff as out of scope.
mike at mtcc.com
Tue Jun 5 10:54:09 PDT 2007
Hallam-Baker, Phillip wrote:
>> From: Michael Thomas [mailto:mike at mtcc.com]
>>> NOMAIL is out of scope, but wildcard is in scope.
>>> The relevance here is that it looks like we can get 95% or
>> better coverage of the real use cases here by acknowledging
>> that wildcards are primarily an issue for NOMAIL.
>> It is? If I sign everything for my domain, I'd like to be
>> able to say that for both the top level domain, and all of
>> the subdomains too, right?
> Why would you be signing a subdomain that does not have an A record?
> Come to that how does your understanding of DKIM policy work for a node that has no A record, no MX record and no related key records? If you have a policy 'I sign all mail' what restrictions do you impose on the key records?
Let's review the attack:
example.com: "I sign everything"
attacker sends mail purportedly from example.com. I look up example.com,
get the "I sign everything" record, I know it is forged. All is good.
attacker then sends mail purportedly from alsdkfjasdf.example.com. I
look up policy for that node, and find nothing. All is not good.
If I use a wildcard as well:
*.example.com: "I sign everything"
It will cover all subdomains *except* ones that have an RR (usually an
A record). Thus, we need something that covers those nodes too. Hence
the tree walk, forcing those nodes to have the policy RR there too, etc.
I don't understand what you wrote above has to do with this attack.
More information about the ietf-dkim