[ietf-dkim] DKIM Interoperability Event notes
Hector Santos
hsantos at santronics.com
Thu Nov 8 16:26:15 PST 2007
Murray S. Kucherawy wrote:
> On Thu, 8 Nov 2007, Hector Santos wrote:
>> Attackers will be able to create a FAILED fascimile of a primary
>> domain DKIM complete message and as long as the primary has a t=y
>> policy, the attackers need not worry about HASH PERFECTION - it just
>> randomly creates a signature with a junk hash because the t=y will
>> promote a IGNORE FAILURE concept.
>
> OK so in fact the complaint is "t=y is dangerous", not "a hacker could
> insert t=y into someone's policy" (which is what you originally said).
> There are other people here who can debate that as well as or better
> than I so I'll yield.
Ok, I didn't say insert, but I can see how it was read. I stated:
It is clearly a threat entry point allowing anyone to try to
create a DKIM signature and all they have to do is add t=y with
the hope the receiver will ignore all fail validations.
I should of been clear of saying "exploited domains who added t=y into
their policy":
... and all they have to do is find a DOMAIN with a t=y policy...
> In sticking to the Subject: of this thread, no, this was not discussed
> at the Interop event. SSP was determined early on to be out-of-scope
> for our tests. We were focusing only on RFC4871 itself.
How unfortunate.
> It was felt, though, that SSP might be the subject of a future Interop
> event once the draft has become an RFC (or, perhaps, multiple proposals
> are available).
Its unfortunate that SSP continues to be play 2nd fiddle when in fact,
in my mind, DKIM is worthless (offers little payoff) without a POLICY
concept. I won't recommend DKIM until SSP is part of the fundamental
picture.
Anyway, I won't go there. I just hope the t=y comments are not ignored.
Thanks for your own comments.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
More information about the ietf-dkim
mailing list