At Fri, 02 Jan 2009 12:06:48 -0800, Eric Rescorla wrote:
> TECHNICAL
> S 3.
>
>    Hosts can look up the ADSP information of the domain(s) specified by
>    the Author Address(es) as described in Section 4.3. If a message has
>    multiple Author Addresses the ADSP lookups SHOULD be performed
>    independently on each address. This document does not address the
>    process a host might use to combine the lookup results.
>
> I'd like to see some security analysis of why this is OK. Naively,
> it seems like one might be able to get around ADSP using this feature.
> I.e., I want to forge a message apparently from example.com, which
> has "dkim-all". I generate a message with "From: ekr@xxxxxxxxxxx, ekr@xxxxxxxxxxx"
> where I control example.org. I then serve a record for example.org
> indicating that I don't sign. If this is accepted, that seems
> potentially problematic.

In retrospect, this isn't very clear.

In the case where there is one author and no signature, it seems to me
that ADSP allows you to differentiate two cases:

(1) The domain does not do DKIM signing [or more precisely hasn't
    bothered to publish a policy.]
(2) The domain DKIM signs and this is a forgery [or an error or
    something.]

Obviously a message that falls into case (2) should be treated with
extreme skepticism (and presumably discarded if discardability is set).
By contrast, a message that falls into category (1) probably would be
treated with less skepticism.

Now, let's try to extend that question to a message with multiple
signers. Consider the following policy for combining the results:

"If any author lacks an ADSP record, act as if no ADSP record is
available."

ISTM that this allows an attacker to generate a message with a nominal
author list that includes a domain that DKIM signs but get it treated as
if it were in case (1). To the extent to which such messages get less
skepticism, that seems undesirable.

By contrast, a policy which said "treat the most strict policy as
applying to all signers" would have a very different set of security
properties.

Obviously, these questions interact a lot with what treatment messages
get which fall into various categories, something I appreciate that DKIM
has tried to be agnostic about in general. Unfortunately, I think this
is somewhere where you need to consider some plausible treatments and
the effect of various policies in the face of the natural attacker
behaviors.

-Ekr
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
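The two combination policies compared in the message above, worked through in code. This is an added example, not code from the e-mail, the ADSP draft or any DKIM implementation. It assumes: ADSP records are read from an in-memory table standing in for the TXT records at _adsp._domainkey.<domain> (the lookup name RFC 5617 uses, with dkim=all, dkim=discardable and dkim=unknown as the practice values); signature verification is reduced to a caller-supplied set of domains that carry a valid Author Domain Signature; and the outcome labels ("no-policy", "fail", "discard", "pass") are my own, chosen to mirror the case (1) / case (2) distinction in the message. The forged two-author message is constructed for the example.

```python
"""Combining ADSP lookup results for a message with several Author Addresses.

Constructed example: the ADSP zone is an in-memory dict standing in for
DNS, and "which domains signed" is passed in as a set instead of running
DKIM verification.
"""
from __future__ import annotations

from email.utils import getaddresses
from enum import IntEnum
from typing import Callable, Iterable, Mapping


class Practice(IntEnum):
    """ADSP outbound signing practices, ordered so max() yields the strictest."""
    NONE = 0         # no ADSP record published at all (case (1) in the message)
    UNKNOWN = 1      # dkim=unknown: the domain may or may not sign
    ALL = 2          # dkim=all: every message from this domain is signed
    DISCARDABLE = 3  # dkim=discardable: unsigned messages may be discarded


# Constructed stand-in for TXT records at _adsp._domainkey.<domain>.
# example.com publishes dkim=all; example.org publishes nothing.
ADSP_ZONE: dict[str, str] = {
    "_adsp._domainkey.example.com": "dkim=all",
}


def parse_adsp(txt: str) -> Practice:
    """Map the dkim= tag of an ADSP TXT record to a Practice."""
    tags: dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return {"all": Practice.ALL,
            "discardable": Practice.DISCARDABLE}.get(tags.get("dkim", ""), Practice.UNKNOWN)


def lookup_adsp(domain: str, zone: Mapping[str, str] = ADSP_ZONE) -> Practice:
    """Resolve one Author Domain's ADSP practice; absence of a record is NONE."""
    txt = zone.get(f"_adsp._domainkey.{domain.lower()}")
    return Practice.NONE if txt is None else parse_adsp(txt)


def author_domains(from_value: str) -> list[str]:
    """Extract the domain of every address in a From: header value."""
    return [addr.rsplit("@", 1)[1].lower()
            for _, addr in getaddresses([from_value]) if "@" in addr]


def combine_weakest(practices: Iterable[Practice]) -> Practice:
    """The policy criticised in the message: any author without a record
    makes the whole message look as if no ADSP record were available."""
    practices = list(practices)
    return Practice.NONE if Practice.NONE in practices else max(practices)


def combine_strictest(practices: Iterable[Practice]) -> Practice:
    """The alternative named in the message: the strictest practice among
    the authors applies to all of them."""
    return max(practices, default=Practice.NONE)


def evaluate(from_value: str, signed_domains: set[str],
             combine: Callable[[Iterable[Practice]], Practice],
             zone: Mapping[str, str] = ADSP_ZONE) -> str:
    """Classify a message given its authors, who actually signed it, and a
    combination policy. Labels are this example's own, not the RFC's."""
    domains = author_domains(from_value)
    effective = combine(lookup_adsp(d, zone) for d in domains)
    unsigned = [d for d in domains if d not in signed_domains]
    if effective == Practice.NONE:
        return "no-policy"                       # case (1): nothing to check against
    if not unsigned:
        return "pass"                            # every author domain signed
    if effective == Practice.DISCARDABLE:
        return "discard"
    if effective == Practice.ALL:
        return "fail"                            # case (2): a signing domain did not sign
    return "unknown"


if __name__ == "__main__":
    # Constructed forgery from the message: a signing domain paired with an
    # attacker-controlled domain that publishes no record, and no signature.
    forged = "ekr@example.com, ekr@example.org"
    print("weakest  :", evaluate(forged, set(), combine_weakest))
    print("strictest:", evaluate(forged, set(), combine_strictest))
```

Under the first policy the unsigned two-author message is classified exactly like mail from a domain that never published ADSP, which is the downgrade the message describes; under the second it is treated as a failure against example.com's dkim=all, the same verdict a single-author forgery would get.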