Earl Hood wrote:
Mailing lists too. Some recipients are going to be interested in all messages from mailing lists they subscribe to (e.g., fans of ietf-dkim). Although we haven't fleshed out best practices for mailing list re-signers, I suspect that they'll want to sign all messages that go through the list.On August 11, 2005 at 13:27, Jim Fenton wrote:But how would they get a valid signature on behalf of the OA? Or are you saying that one should treat the message differently from an unsigned message because there is an invalid OA signature present? I'm still missing what it is. Sorry if I'm being dense. If it's just the conflict between the policy (published in DNS) and a key that has been published (also in DNS), I don't see where the policy is any more secure than the key record, unless it has to do with some characteristic of DNS itself (e.g., a cache poisoning attack).To deal with this, DKIM supports SSPs, where the verifier checks the SSP of the rfc2822.From to see what the signing policy is in an attempt to prevent malicious domains using arbitrary rfc2822.From addresses. Now, according to the current SSP draft, if no SSP DNS record is defined for rfc2822.From (or what the draft calls Originator Address), the draft states the following: If the Sender Signing Policy record does not exist, verifier systems MUST assume that some messages from this entity are not signed and the message SHOULD NOT be considered to be Suspicious. Now, in this case, we have a signed message with no SSP defined. Because of this, and past SSP discussion, appears the above statement needs to be revised to avoid a security problem. When you say _signed_, do you mean valid or invalid signature? I have trouble associating increased suspicion with the presence of an invalid signature (vs. no signature at all) since there are other ways that signatures can be broken by munging the message.>From a security perspective, if no DNS SSP record is defined, the safe policy is to treat any _signed_ message as suspicious since it can indicate malicious activity. Not doing so will lead to malicious domains to adopt DKIM since during early stages of DKIM rollout, many domains will not have SSP records defined. Of course malicious domains will be early adopters of DKIM, just as they were of SPF. But malicious domains also get to define any signing policy they want. I agree that publishing SSP is a good idea for any domain that is signing.There appears to be no real burden to require DNS SSP records to be defined for entities that will have messages signed. For example, if ISP example.com is to implement DKIM signing, along with defining the appropriate DNS records for key data, it can easily define the SSP records. -Jim |
_______________________________________________ ietf-dkim mailing list http://dkim.org
