> -----Original Message----- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- > boun...@mipassoc.org] On Behalf Of Wietse Venema > Sent: Friday, October 15, 2010 5:10 PM > To: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] detecting header mutations after signing > > MH Michael Hammer (5304): > > > > > > > -----Original Message----- > > > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim- > > > boun...@mipassoc.org] On Behalf Of bill.ox...@cox.com > > > Sent: Friday, October 15, 2010 11:59 AM > > > To: dcroc...@bbiw.net > > > Cc: ietf-dkim@mipassoc.org > > > Subject: Re: [ietf-dkim] detecting header mutations after signing > > > > > > Well a broken signature is morally equivalent to unsigned so Im not > > sure > > > of the potential harm... > > > > > > > And this is where I angst. In all the discussions of a broken signature > > being morally equivalent to unsigned, the thrust has been that it was > > likely broken in transit. We failed to have the discussion of it being > > intentionally broken in transit as an attempt to game the system. For > > header mutations after signing (which are likely to be a malicious > > attempt in the specific cases we have been discussing) I feel that > > treating it as simply the same as unsigned is ignoring the potential > > maliciousness. > > I'm sure this was discussed before, but perhaps a refresher helps. > How would the DKIM validator know the difference between: > > A: The message had a valid signature, but it was broken after > signing. > > B: The message is a forgery with a bogus signature. > > If the DKIM validator cannot make that distinction, then the bad > guys will do B and the validator will treat it as A. > > Wietse
Multiple headers are a specific class of problem. The signature is not, in fact, broken. It validates. The described attack actually leverages this. We are left in the realm of "the operation was a success but the patient died". If this where we want to be? How often do we see multiple From headers where the From was added (as opposed to the original From was modified) after the message was signed? How often do we see this without malicious intent in the wild? Same question for other headers? What is the value proposition that DKIM offers that incentivizes people to adopt it? I remember similar discussions back in the 2004 timeframe when we didn't have practical experience with DKIM. This theme was in fact touched on at the "Marketing DKIM" dinner that Dave organized after the FTC workshop in DC. I am not suggesting that we boil the ocean. I am suggesting that we can realistically address this class of problem without having to "fix" the world. Failure to address it significantly alters the value proposition of DKIM..... in a negative manner. I've never been happy with the choice to have "fails to validate" == "no signature". This is what invites your question about "A" or "B". Your question "A" begs the question of how the signature was broken. If we never see a certain type of brokenness in the wild in normal usage but only (potentially) see it in abusive usage, why would we not recognize and address this? Mike _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html