Thanks to everton@??? for pointing out
http://asrg.kavi.com/apps/group_public/download.php/31/draft-irtf-asrg-lmap-
discussion-00.txt.
>From: Dean Brooks [mailto:dean@iglou.com]
>
>How would DNS spoofing accomplish anything? Without the
>original private key for the domain, it doesn't seem you
>could do much.
I'll use my domain sending to aol.com as an example.
Normal, valid mail:
1) aol.com receives an the email from jcring@???, signed with our
site private key.
2) aol.com does a DNS lookup to find my site's public key.
3) aol.com then does the crypo bit, which will succeed since it was signed
with my site's private key.
DNS attacked mailing with a @switch.com spoofed e-mail to aol.com.
1) spammer uses an attack on DNS so that when AOL looks up the public key
for switch.com, it resolves as the public key the spammer generated.
2) spammer sends forged e-mail to aol.com signed with their private key.
3) aol.com does a DNS lookup to find switch.com's public key; it receives
the spammer's public key instead.
4) aol.com then does the crypo bit, which will succeed since it was signed
with the spammer's private key, AND aol.com was tricked into thinking the
public key provided by the spammer was the public key for switch.com.
Now, I'm NOT saying that's a simple attack, especially on the wide-scale
basis that the spammer's would need to do it to keep flooding us with junk.
Instead my point is such an attack doesn't seem especially more difficult
then IP spoofing the IP address of our outgoing SMTP server, 206.181.77.34,
for an SMTP session to aol.com. If you agree with that, then the
public/private key part of DomainKeys does not make it any more secure
against spammers then SPF.
>From: Tony Finch [mailto:fanf2@hermes.cam.ac.uk]On
>
>You seem to have missed the fact that SPF breaks existing
>working legitimate setups.
True, it does break forwarding, and would require a change to "remailing"
(As termed by
http://spf.pobox.com/faq.html) to keep that type of
functionality.
But according to
http://antispam.yahoo.com/domainkeys#a12, "Mailing lists
that do not change the content or RE-ARRANGE or POST-PEND headers will be
DomainKey compatible with no changes required. Mailing lists that CHANGE THE
MESSAGE AND HEADERS should re-sign the message with their own private key
and claim authorship of the message." (emphasis added)
Don't most mailing lists[1] and/or forwarding setups made such changes? If
so, without changes, this proposal also breaks a lot of currently working
setups. So in that regard, both proposals seem approximately even.
I'm not trying to say SPF is a good idea; I haven't completely made up my
mind on that count. Instead, is just seems to me that the public/private
key aspect of Yahoo! DomainKeys doesn't make it more secure against attacks
by spammers then SPF, it's more computationally expensive, and it's also not
100% compatible with every non-spam thing we do with SMTP today.
[1] Take the header "List-Archive:
<
http://www.exim.org/pipermail/exim-users/>" added by this list, for
example. Wouldn't that be a "post-pend" header as mentioned by the Yahoo!
URL?
--------------------------
John C. Ring, Jr.
jcring@???
Network Engineer
Union Switch & Signal Inc.
