[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Proposals Re: DoS and Replay protection for message signatures

To: "Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx>
Subject: Proposals Re: DoS and Replay protection for message signatures
From: Amir Herzberg <herzbea@xxxxxxxxxxxxxx>
Date: Wed, 03 Aug 2005 13:57:32 +0200
Cc: Tony Finch <dot@xxxxxxxx>, Douglas Otis <dotis@xxxxxxxxxxxxxx>, IETF MASS WG <ietf-mailsig@xxxxxxx>
In-reply-to: <198A730C2044DE4A96749D13E167AD375A29D1@MOU1WNEXMB04.vcorp.ad.v rsn.com>
List-archive: <http://www.imc.org/ietf-mailsig/mail-archive/>
List-id: <ietf-mailsig.imc.org>
List-unsubscribe: <mailto:ietf-mailsig-request@imc.org?body=unsubscribe>
References: <198A730C2044DE4A96749D13E167AD375A29D1@MOU1WNEXMB04.vcorp.ad.vr sn.com>
Reply-to: herzbea@xxxxxxxxxxxxxx
Sender: owner-ietf-mailsig@xxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)

Hallam-Baker, Phillip wrote:

Surely what an optimized implementation would do is look to see if the
reputation is in the cache, if so and the reputation is bad then throw
out the message and stop processing.

Otherwise verify the signature and only look up the reputation if it
verifies.

Would you reduce reputation if you get multiple signature verification failures? Up to throwing messages without validating signatures? I think that's what you (and Tony) suggest.

If so... can't an attacker abuse this to perform DoS on _senders_, by thrashing their reputation by sending malsigned messages (also hitting some recipients at the same time)?

If not... then the DoS attack of sending mal-signatures remains.

We can solve this by placing the burden on the senders. Add a `recipient policy` record for the _recipient_ (in a DNS record). This record identifies what the recipient requires from incoming messages, to prevent them being thrashed as DoS. Some proposed options:

-- No DoS protection required (current DMIK)

-- `Anti-DoS computation cookie`: specifies a hash-cash like challenge <x,k> s.t. the sender must find string y s.t. h(m, x, y)=z||0^k, where m is the (digest of?) message and h is a hash function e.g. SHA1.

-- `Anti-DoS IP-based cookie`: specifies an IP address of a `cookie server`, to which the sending MTA should send a request, and get back a cookie to be added to the message (like in IKE).

-- `Anti-DoS 3rd-party cookie`: specifies one or more third party DoS-prevention servers, which share a key with the recipient. Sender can contact any of them, send the the signature, and get back a cookie (which is a MAC over the signature and/or original message, and the identity of recipient). This may require some long term relationship with 3rd party and/or payment to 3rd party. Notice that with this option, it may sometimes be possible to avoid validating the signature at all in the recipient. -- Best regards,

Amir Herzberg

Associate Professor Department of Computer Science Bar Ilan University http://AmirHerzberg.com Try TrustBar - improved browser security UI: http://AmirHerzberg.com/TrustBar Visit my Hall Of Shame of Unprotected Login pages: http://AmirHerzberg.com/shame

Follow-Ups:
- Re: Proposals Re: DoS and Replay protection for message signatures
  - From: Jim Fenton
- Re: Proposals Re: DoS and Replay protection for message signatures
  - From: Tony Finch

Prev by Date: Re: Proposals Re: DoS and Replay protection for message signatures
Next by Date: Re: Comments on draft-allman-dkim-base-00.txt
Previous by thread: RE: wildcards, was Re: dkim technology?
Next by thread: Re: Proposals Re: DoS and Replay protection for message signatures
Index(es):
- Date
- Thread