I-D Action:draft-otis-dkim-adsp-sec-issues-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.

	Title           : DKIM Author Domain Signing Practices (ADSP) Security Issues
	Author(s)       : D. Otis
	Filename        : draft-otis-dkim-adsp-sec-issues-00.txt
	Pages           : 12
	Date            : 2008-08-07

[I-D.ietf-dkim-ssp] defines DNS records that advertise the extent to
which a domain employs [RFC4871] to sign [RFC2822] messages, and how
other hosts access these advertisements.  The goal is to control the
use of the From header field.  When a message is not adequately signed,
advertised assertions referenced by a domain in the From header field
assist in resolving the message's intended disposition.

However, [I-D.ietf-dkim-ssp] fails to discern that when restricted
identities are imposed upon remote signing agents, additional
controls must be afforded the domain in this case.  The draft also
ignores the predominant role of the domain, and assumes the signature
always makes assertions regarding the identity of the author, which
ignores safety and goes well beyond the charter.  In addition, the
only directly actionable practice is defined using a term likely to
negatively impact the integrity of delivery status as well.

[I-D.ietf-dkim-ssp] impairs security in other ways, but fortunately
minor changes to the definition of a valid signature can
significantly remedy the most critical security issue.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-otis-dkim-adsp-sec-issues-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
<ftp://ftp.ietf.org/internet-drafts/draft-otis-dkim-adsp-sec-issues-00.txt>
_______________________________________________

I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
