A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : DKIM Author Domain Signing Practices (ADSP) Security Issues
Author(s) : D. Otis
Filename : draft-otis-dkim-adsp-sec-issues-03.txt
Pages : 18
Date : 2008-09-30
The proposed [I-D.ietf-dkim-ssp] defines DNS records that advertise
the extent to which a domain employs [RFC4871] to sign [RFC2822]
messages, and defines how other hosts can access these
advertisements. Its laudable goal is to allow domains control over
the use of the From header field. When a message is not adequately
signed, advertised assertions, referenced by a domain in the From
header field, assist in resolving the message's intended disposition.
Rather than dealing with keys that impose a restriction on the
"on-behalf-of" identity as a separate security consideration to be
handled independently from an assertion that a domain signs its
messages, [I-D.ietf-dkim-ssp] instead employs a flawed two-stage
signature validation process that works in conjunction with
advertised practices. The two-stage approach will most likely occur
after message acceptance, and impairs the range of authentication
assertions permitted by a single signature. The limitations on
authentication assertions inhibit tactics needed to deal with replay
abuse.
As currently structured, advertised practices not only assert whether
a signature should be expected, they also constrain the
"on-behalf-of" identity applied by signing agents that are not
otherwise so restricted by [RFC4871]. By constraining the
"on-behalf-of" identity for all signing agents, the draft neglects the
predominant role of the domain as a point of trust, and incorrectly
assumes the signature is limited to supporting assertions regarding
the identity of the author. By limiting the DKIM signature's
"on-behalf-of" value to being representative of only the message's
author, the draft goes well beyond the working group's charter and
appears to infringe on S/MIME's and OpenPGP's role.
[I-D.ietf-dkim-ssp] impairs security in other ways as well; for
example, the only directly actionable practice is defined using a term
likely to negatively impact the integrity of delivery status.
Fortunately, minor changes to the definition of a compliant signature
can remedy the impairment created, while the critical security issues
are best handled independently of any [I-D.ietf-dkim-ssp] assertion.
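To make the two-stage check the abstract criticises concrete, here is an added example (not code from the draft, the announcement, or any DKIM implementation) that models the evaluation as the abstract describes it: stage one (cryptographic verification of the signature) is taken as an input, and stage two checks whether the signature's "on-behalf-of" identity falls in the From domain; only when no signature passes both stages does the advertised practice decide. The practice values dkim=unknown/all/discardable, the TXT-record tag syntax, and the i= with fallback to d= identity rule are assumptions drawn from the ADSP drafts, not from this page.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class VerifiedSignature:
    d: str              # signing domain (d= tag)
    i: Optional[str]    # on-behalf-of identity (i= tag), e.g. "@example.com"
    valid: bool         # stage 1: outcome of cryptographic verification


def identity_domain(sig: VerifiedSignature) -> str:
    """Domain of the on-behalf-of identity: i= if present, else '@' + d=."""
    ident = sig.i if sig.i else "@" + sig.d
    return ident.rsplit("@", 1)[1].strip().lower()


def is_author_domain_signature(sig: VerifiedSignature, from_domain: str) -> bool:
    # Stage 2: the identity must be in the From domain itself. A valid
    # signature whose identity is a subdomain or another domain does not
    # count, which is the constraint the abstract objects to.
    return sig.valid and identity_domain(sig) == from_domain.lower()


def parse_adsp(record: str) -> str:
    """Parse a '_adsp._domainkey.<domain>' TXT record such as 'dkim=all'."""
    tags = dict(re.findall(r"(\w+)\s*=\s*([^;]*)", record))
    practice = tags.get("dkim", "unknown").strip().lower()
    return practice if practice in ("unknown", "all", "discardable") else "unknown"


def adsp_result(from_header: str, signatures, adsp_record: Optional[str]
                ) -> Tuple[bool, Optional[str], str]:
    """Return (author_domain_signed, practice_used, suggested_disposition)."""
    from_domain = re.search(r"@([A-Za-z0-9.-]+)", from_header).group(1)
    if any(is_author_domain_signature(s, from_domain) for s in signatures):
        return True, None, "accept"          # practice never consulted
    practice = parse_adsp(adsp_record) if adsp_record is not None else "unknown"
    # "discardable" is the only practice that directly drives an action on
    # delivery; "all" merely says a signature was expected.
    if practice == "discardable":
        return False, practice, "discard"
    if practice == "all":
        return False, practice, "suspicious"
    return False, practice, "accept"
```

Note that a message carrying a perfectly valid signature from the From domain's own signer is still pushed to the practice lookup when the i= identity names a subdomain, which is the behaviour the abstract argues against.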
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-otis-dkim-adsp-sec-issues-03.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce