[ietf-dkim] Issue #1521: Limit the application of SSP to unsigned messages

Dave Crocker dhc at dcrocker.net
Tue Dec 11 09:18:07 PST 2007



Jim Fenton wrote:
> As others have noted, bypassing SSP based on a valid signature from any
> arbitrary domain permits a trivial attack:  attackers could sign
> messages using throw-away domains they control.


It's a shame we don't have an SSP threats analysis, so that this concern could 
be placed in context.

The 'threat' that you are citing is for a signed message, which means that 
there is a verifiable, accountable identity associated.  That identity will 
have a reputation.

It seems that concern for the attack that you cite needs to satisfy a couple 
of preconditions:

1. Clear statement of what it is application of an SSP publication MUST 
achieve.  Otherwise, we cannot evaluate failing to achieve through such an attack.

2. Explanation of the reason that having a verifiable, accountable identity is 
insufficient.

3. Consideration of the relative costs in protecting against this attack.

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net

