Author: Dean Brooks
Date:
To: Ring, John C
CC: exim-users
Subject: Re: [Exim] Yahoo DomainKeys...
On Wed, May 19, 2004 at 06:25:09PM -0400, Ring, John C wrote:
> Yahoo! DomainKeys major weakness - DNS spoofing.
>
> Perhaps I'm mistaken, but it seems to me that DNS spoofing is not more
> difficult than IP spoofing of an SMTP session. Since a successful DNS spoof
> of the relevant TXT record would negate either system, there's not much
> point to the crypto part of DomainKeys, which only protects against the 2nd
> attack vector on SPF.

I'm not sure I follow. I know I must be missing something obvious,
but it's late...

How would DNS spoofing accomplish anything? Without the original
private key for the domain, it doesn't seem you could do much.

If you were able to do a cache-poison on the recipient DNS, I suppose
it would be possible but that would seem to limit the recipient pool
considerably (if you were a spammer). A cache-poison on the sender
domain DNS would also work, but I would assume that someone
implementing domain keys would also take precautions against that.