[ietf-dkim] double header reality check
hsantos at isdg.net
Tue Oct 19 18:27:23 PDT 2010
Mark Delany wrote:
> Only once tools and UAs take advantage of DKIM, do these attacks
> become relevant. That's why I think this is a DKIM problem. We are
> wanting tools and UAs to take advantage of DKIM but by doing so they
> are possibly making themselves more vulnerable to attackers.
And this is why
1) we MUST establish the DKIM boundary conditions for 100% success and
100% failure. You have to move all parties into the same playing
field and those that are not compliant are pushed out.
2) the conflict in the deployment to allow for unrestrictive resigners
with no willingness to establish 3rd party policies simply makes
everything even more indeterminate. How can we tell when the
"valuable" signer identity is good, bad and/or exploiting the
Unless we get an solid anchor for 100% Zero False Positive boundary
conditions, it makes all this very hard in what is already very complex.
DKIM has the high potential to become the next relaxed "Return Path"
dilemma the industry knew since the 80s was insecure, but not yet
highly exploited where we didn't do much about it.
Every good idea has a solid well defined problem it solves. DKIM was
one suppose to be the alternative to SPF because it has the "PATH"
By deemphasizing policy and opening the door for unrestricted
resigners, its now become a last signer authentication protocol.
Anyway, to get back to the problem, we need to do less subjective
analysis and just try to get the deterministic bits of DKIM well
defined - valid input and it needs to check it probably is only thing
Hector Santos, CTO
More information about the ietf-dkim