Monday, August 14, 2006

Is DKIM safe without a strong policy framework?

DKIM (Domain Keys Identified Mail) seems to be on the road to IETF standardization at a rapid pace. For the first time in 20 years, I sense a rare wide industry interest to incorporate this new technology to help address the major problem of spam.

But at what expense? Will it work?

Anyone with a good engineering conscious will tell you DKIM is an unprotected digital signature protocol which lacks signature authorization consideration.

To highlight the concerns, I've written an IETF draft called DSAP (DKIM Signature Authorization Protocol) showing the major security problems related to the unprotected nature of the DKIM protocol and how the most obvious of the DKIM loopholes in the protocol can be addressed using an extremely easy to implement and strong email DKIM signature authorization policy framework.

I don't wish to excuse the fine people involved putting together the DKIM protocol and pushing it thru the IETF RFC standardization process of acting in bad faith, but there are far too many involved with a direct or indirect conflict of interest in the promotion of new Reputation Business services who see a strong email signature policy framework competing with these new business ventures. To see in action the seriousness of the DKIM problems be pushed back or aside, is both shocking and surreal.

When a message comes in, the DKIM verification process will have some fundamental questions to ask:
  • Does the domain ever distribute mail?
  • Does the domain expect the mail to be unsigned?
  • Does the domain expect the mall to be sign?
  • Is the domain the exclusive signer?
  • Are 3rd party signers allowed by the domain?
  • Are 3rd party signers allowed to strip original domain signatures?
These are basic questions that are ignored by the unprotected insecured DKIM protocol

It remains to be seen to how DKIM will play out, but there is no doubt in my mind, DKIM can create more harm than good if it is unleashed in its pure unprotected DKIM base form, a form special interest will require a "Batteries Required" Reputation Services trust layers will be expected to help protect its designs flaws.

- Hector

No comments: