DKIM Author Domain Signing Practices (ADSP) Security Issues
Trend Micro
The proposed [I-D.ietf-dkim-ssp] defines DNS records that advertise the extent to which a domain employs [RFC4871] to sign [RFC2822] messages, and defines how other hosts can access these advertisements. Its laudable goal is to allow domains control over the use of the From header field. When a message is not adequately signed, advertised assertions, referenced by a domain in the From header field, assist in resolving the message's intended disposition. Rather than dealing with keys that impose a restriction on the "on- behalf-of" identity as a separate security consideration to be handled independently from an assertion that a domain signs their messages, [I-D.ietf-dkim-ssp] instead employs a flawed two-stage signature validation process that works in conjunction with advertised practices. The two-stage approach will most likely occur after message acceptance, and impairs the range of authentication assertions permitted by a single signature. The limitations on authentication assertions inhibits tactics needed to deal with replay abuse. As currently structured, advertised practices not only assert whether a signature should be expected, they also constrain the "on-behalf-of" identity applied by signing agents that are not otherwise so restricted by [RFC4871]. By constraining the "on- behalf-of" identity for all signing agents, the draft neglects the predominate role of the domain as a point of trust, and incorrectly assumes the signature is limited to supporting assertions regarding the identity of the author. By limiting the DKIM signature's "on- behalf-of" value to being representative of only the message's author, the draft goes well beyond the working group's charter and appears to infringe on S/MIME's and OpenPGP's role. [I-D.ietf-dkim-ssp] impairs security in other ways as well, such as the only directly actionable practice is defined using a term likely to negatively impact the integrity of delivery status. Fortunately minor changes to the definition of a compliant signature can remedy the impairment created, where the critical security issues are best handled independent of any [I-D.ietf-dkim-ssp] assertion.