Analysis of Threats Motivating DomainKeys Identified Mail (DKIM)
RFC 4686
| Field | Value |
|---|---|
| Type | RFC - Informational (September 2006; No errata) |
| Author | Jim Fenton |
| Last updated | 2015-10-14 |
| Replaces | draft-fenton-dkim-threats |
| Stream | Internet Engineering Task Force (IETF) |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 4686 (Informational) |
| Action Holders | (None) |
| Consensus Boilerplate | Unknown |
| Responsible AD | Russ Housley |
| Send notices to | (None) |
Network Working Group                                          J. Fenton
Request for Comments: 4686                           Cisco Systems, Inc.
Category: Informational                                   September 2006

      Analysis of Threats Motivating DomainKeys Identified Mail (DKIM)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document provides an analysis of some threats against Internet
   mail that are intended to be addressed by signature-based mail
   authentication, in particular DomainKeys Identified Mail.  It
   discusses the nature and location of the bad actors, what their
   capabilities are, and what they intend to accomplish via their
   attacks.

Fenton                       Informational                      [Page 1]
RFC 4686                 DKIM Threat Analysis             September 2006

Table of Contents

   1. Introduction ....................................................3
      1.1. Terminology and Model ......................................3
      1.2. Document Structure .........................................5
   2. The Bad Actors ..................................................6
      2.1. Characteristics ............................................6
      2.2. Capabilities ...............................................6
      2.3. Location ...................................................8
           2.3.1. Externally-Located Bad Actors .......................8
           2.3.2. Within Claimed Originator's Administrative Unit .....8
           2.3.3. Within Recipient's Administrative Unit ..............9
   3. Representative Bad Acts .........................................9
      3.1. Use of Arbitrary Identities ................................9
      3.2. Use of Specific Identities ................................10
           3.2.1. Exploitation of Social Relationships ...............10
           3.2.2. Identity-Related Fraud .............................11
           3.2.3. Reputation Attacks .................................11
           3.2.4. Reflection Attacks .................................11
   4. Attacks on Message Signing .....................................12
      4.1. Attacks against Message Signatures ........................12
           4.1.1. Theft of Private Key for Domain ....................13
           4.1.2. Theft of Delegated Private Key .....................13
           4.1.3. Private Key Recovery via Side Channel Attack .......14
           4.1.4. Chosen Message Replay ..............................14
           4.1.5. Signed Message Replay ..............................16
           4.1.6. Denial-of-Service Attack against Verifier ..........16
           4.1.7. Denial-of-Service Attack against Key Service .......17
           4.1.8. Canonicalization Abuse .............................17
           4.1.9. Body Length Limit Abuse ............................17
           4.1.10. Use of Revoked Key ................................18
           4.1.11. Compromise of Key Server ..........................18
           4.1.12. Falsification of Key Service Replies ..............19
           4.1.13. Publication of Malformed Key Records
                   and/or Signatures .................................19
           4.1.14. Cryptographic Weaknesses in Signature Generation ..20
           4.1.15. Display Name Abuse ................................21
           4.1.16. Compromised System within Originator's Network ....21
           4.1.17. Verification Probe Attack .........................21
           4.1.18. Key Publication by Higher-Level Domain ............22
      4.2. Attacks against Message Signing Practices .................23
           4.2.1. Look-Alike Domain Names ............................23
           4.2.2. Internationalized Domain Name Abuse ................23
           4.2.3. Denial-of-Service Attack against Signing
                  Practices ..........................................24
           4.2.4. Use of Multiple From Addresses .....................24
           4.2.5. Abuse of Third-Party Signatures ....................24
           4.2.6. Falsification of Sender Signing Practices Replies ..25
      4.3. Other Attacks .............................................25
           4.3.1. Packet Amplification Attacks via DNS ...............25
   5. Derived Requirements ...........................................26
   6. Security Considerations ........................................26
   7. Informative References .........................................27
   Appendix A. Acknowledgements ......................................28