Hector Santos wrote:
> Murray S. Kucherawy wrote:
>
>> The rest of your points about the exposure "t=y" in a published SSP
>> record may be valid, but I remain confused about this point and it
>> seems to be the premise of your attack.
>
> Attackers will be able to create a FAILED facsimile of a primary
> domain DKIM complete message and as long as the primary has a t=y
> policy, the attackers need not worry about HASH PERFECTION - it just
> randomly creates a signature with a junk hash because the t=y will
> promote an IGNORE FAILURE concept.

I'm a little confused about whether you're talking about t=y in the key record or in the SSP record, so let's discuss both.

t=y in the key record is of dubious value if verifiers adhere to the principle that DKIM failures are equivalent to non-existent signatures. Since a broken signature shouldn't cause a message to be rejected or otherwise penalized, there isn't any reason to warn verifiers that you're testing.

t=y in the SSP record is perhaps unnecessary, since there isn't much possibility of a failure in publishing an SSP record that would require much, if any, testing. However, t=y might be more useful if it's associated with reporting failure to some reporting address that might be specified by the signer. You could collect failure reports without actually causing (particularly SSP) to take effect. I believe that Murray may be on the verge of proposing just such a mechanism.

If your point is that publishing t=y provides no security over not using DKIM or SSP at all, I agree.

-Jim

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
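
The key-record half of this exchange, as an added example that is not part of the original message or of any DKIM implementation: it parses the `t=` flags from a key record and compares how a failed signature is handled under two verifier policies. The policy names, function names and sample records are assumptions made for illustration.

```python
from typing import Dict, Optional, Set

def parse_tag_list(record: str) -> Dict[str, str]:
    """Parse a DKIM 'tag=value; tag=value' list into a dict."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:                      # tolerate a trailing ';'
            continue
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag: {part!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = value.strip()
    return tags

def key_flags(key_record: str) -> Set[str]:
    """Colon-separated flags from the key record's t= tag (e.g. 'y', 's')."""
    raw = parse_tag_list(key_record).get("t", "")
    return {f.strip() for f in raw.split(":") if f.strip()}

def disposition(sig_ok: Optional[bool], key_record: Optional[str], policy: str) -> str:
    """sig_ok: True = verified, False = failed, None = no signature present.
    Hypothetical policies:
      'penalize-failures'   - a failed signature counts against the message
                              unless the key record carries t=y
      'failure-is-unsigned' - a failed signature is handled like no signature
    """
    if policy not in ("penalize-failures", "failure-is-unsigned"):
        raise ValueError(f"unknown policy: {policy}")
    if sig_ok is None:
        return "unsigned"
    if sig_ok:
        return "signed"
    if policy == "failure-is-unsigned":
        return "unsigned"
    testing = key_record is not None and "y" in key_flags(key_record)
    return "unsigned" if testing else "penalized"

# Constructed sample key records; the p= value is a placeholder, not a key.
TESTING_KEY = "v=DKIM1; k=rsa; t=y:s; p=PLACEHOLDER"
NORMAL_KEY = "v=DKIM1; k=rsa; p=PLACEHOLDER;"

def compare() -> Dict[str, Dict[str, str]]:
    """Outcome for a message whose signature FAILED, per policy and key."""
    keys = (("t=y", TESTING_KEY), ("no t=y", NORMAL_KEY))
    return {policy: {label: disposition(False, rec, policy) for label, rec in keys}
            for policy in ("penalize-failures", "failure-is-unsigned")}
```

Only the verifier that penalizes failures gives different answers for the two keys; when a failure is treated as a non-existent signature, the `t=y` flag has no effect on the outcome.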
