Hi Tony,

On Wed, 17 Aug 2005, Tony Finch wrote:

> On Mon, 15 Aug 2005, George Gross wrote:
> >
> > I should also point out that AFAICT a DKIM e-mail signature does not
> > protect against the "revolving door" signature identity problem. It
> > erroneously presumes that all DNS registry entities are not the economic
> > allies or suppliers for spammers. It would be feasible for such a
> > registrar to automate the domain name generation process on behalf of its
> > spammer customers. Once such a domain name's reputation becomes tarnished,
> > it is discarded and the co-conspirator DNS registrar issues a new one to
> > take its place. I see this attack (and I suspect that there are others
> > that one can discover) as a fundamental problem with the proposed e-mail
> > security architecture.
>
> There's a lot more information available about domain names than about IP
> addresses, e.g. via whois, via the domain's NS records, etc. This
> information can be used to bootstrap a reputation in a way that defends
> against the use of throwaway domains by spammers.

I realize that all of that info is available. I suppose my query should
have been more accurately phrased: how does one enforce that all
registrars on the planet *always* follow these rules?

For example, could not a rogue nation state offer (e.g. under the table
via bribes or as info warfare policy) a haven for such rogue registrars?
Yes, there are Internet governance procedures to ultimately shut them
down, but wouldn't it take a long enough time to trace as to be a problem?
How long would it take to remedy if it spilled into an international court
case rather than the usual DNS ops procedures?

Would you end up evaluating DNS registrar whitelist/blacklists for every
public key DNS retrieval?

Unlike a traditional PKI there is no "chain of trust" to a trust anchor
for the public keys being used in the proposed DKIM signature scheme.
There is also no Internet-wide standard reputation management by which to
judge the trustworthiness of the public keys stored in the DNS.

So until there is a viable contender for that IETF standard, e-mail signed
by a domain is like a bridge with only half of it built, dangling in
space, with no plan for how to build the other half. From a security
perspective, completing that bridge leads to a defensible position. DKIM
would make a lot more sense to charter once that missing plan is available
and it points to a candidate companion standard.

        George


>
> Tony.
>

_______________________________________________
ietf-dkim mailing list
http://dkim.org
