Issue 1527 - Threats (was Re: [ietf-dkim] Hostile to DKIM deployment)

Steve Atkins steve at blighty.com
Fri Dec 14 09:52:56 PST 2007


On Dec 14, 2007, at 9:32 AM, Stephen Farrell wrote:

>
>
> Dave Crocker wrote:
>> Right.  So let's explore what current problems specific functions in SSP
>> will mitigate.
>>
>> Folks who are proponents of particular SSP features should document
>> specific threats and specific SSP feature(s) that will mitigate them.
>
> I think that'd be useful.
>
> Of course, people who aren't proponents can also document specific
> threats, and I'd be interested in a few examples that aren't included
> in 4868 or the security considerations of the ssp-01 I-D (if I missed
> something in a recent posting a reference would be fine). I don't
> doubt that some such threats exist, but I don't recall seeing anything
> specific on this so far.
>
>> An essential part of such exercise is to explain why the mitigation is
>> strategic.  That is, why will it not be easy for attackers to work
>> around the SSP mechanism and achieve equivalent attack success.
>
> Modulo look-alike domains I guess? (There's text in 4868, 4.2.1 about
> that btw.) I don't think anything in SSP can mitigate that threat.

In that instance the threat might be "A well informed malicious sender
misleads recipients about who the author of the mail is".

SSP's answer to that would be an ability for some receivers to
identify that an unsigned email with the byte-for-byte identical
email address in the From field should have been signed, so
is a forgery.

The analysis would touch on false positives due to signature
breakage, that byte-for-byte comparison is not adequate to
protect a visible brand, that the email address isn't even displayed
in many MUAs and so on.

Cheers,
   Steve
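
Added example, not part of the original message or of any SSP draft: a receiver-side sketch of the check described above, run over constructed From headers to show the exact-match detection alongside the false-positive and look-alike cases the message lists. The `SIGNS_ALL` set is a hypothetical stand-in for a policy lookup, and signature verification is assumed to have happened elsewhere.

```python
from email.utils import parseaddr

# Assumption: stand-in for a sender-signing-policy lookup. Domains listed
# here are taken to assert that all mail they author is signed.
SIGNS_ALL = {"example.com"}


def author_domain(from_header):
    """Return the lower-cased domain of the From address, or None."""
    _display_name, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def evaluate(from_header, verified_domains):
    """Classify a message. verified_domains holds the domains whose
    signature on this message verified (verification is out of scope)."""
    domain = author_domain(from_header)
    if domain is None:
        return "no-author-domain"
    if domain in verified_domains:
        return "signed-by-author-domain"
    if domain in SIGNS_ALL:  # exact string match on the domain only
        return "suspicious-unsigned"
    return "no-policy-applies"


# Constructed samples: (description, From header, verified signing domains)
SAMPLES = [
    ("forged, exact address", '"Example Bank" <billing@example.com>', set()),
    ("genuine, signature intact", '"Example Bank" <billing@example.com>', {"example.com"}),
    ("genuine, signature broken in transit", '"Example Bank" <billing@example.com>', set()),
    ("look-alike domain", '"Example Bank" <billing@examp1e.com>', set()),
]


def run_samples():
    """Evaluate every constructed sample and return {description: verdict}."""
    return {desc: evaluate(hdr, verified) for desc, hdr, verified in SAMPLES}


if __name__ == "__main__":
    for desc, verdict in run_samples().items():
        print(f"{desc:40} {verdict}")
```

The forged message and the genuine one with a broken signature get the same verdict, and the look-alike domain falls outside the policy even though a reader shown only the display name sees the same sender.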



