Hi all. First, I'd like to say that this analysis covers most of the attacks we (eBay Inc.) have seen, and some that we haven't even seen yet. By far the most common attack we have seen is the one in section 5.2.2, where the bad actors pretend to be one of our administrative addresses. We feel that DKIM addresses this problem well.
Another major attack vector we have seen is the one in 5.2, the use of similar looking domains. We call this the "eboy" problem. We would like to stress how much of a problem this is in the hopes that it can be further highlighted and discussed. I know that in previous discussions it was decided this problem would be difficult to solve, but it would be good to highlight it, as perhaps with the right people looking at it, a possible solution or mitigation could be found.

Another related attack that I did not see mentioned in the threat analysis is what we call the "pretty from" attack. Most popular email clients display the arbitrary text in the From header as the display name, if there is one. For example, if the From header were 'From "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>', the client would show "[EMAIL PROTECTED]" as the From address. If the signature could be validated against badguy.com, then the message would appear legit. This is a major attack vector, as most of our users don't look beyond what their GUI client shows them.

Looking at the current DKIM standard, it looks like this could still validate properly, since the signature would be signed with the key from badguy.com. I didn't see anything in the spec about verifying that the arbitrary text matches the purported From address. Is this correct? Perhaps this could be addressed as a possible threat in the analysis?

Other than those two issues, as I said earlier, the analysis is very complete, and I wanted to thank Jim for putting it together.

Thanks everyone.

Jeremy

---
Jeremy Edberg
Security Engineer
eBay, Inc./PayPal Inc.
[EMAIL PROTECTED]
