The email authentication protocol DomainKeys Identified Mail, aka DKIM, is winding its way through the standards track, and seems to be the future of email authentication. Recently, a lone voice, a security researcher with Trend Micro, seemingly upset at being sidelined during various industry association and standards track discussions, has taken a specific concern public. He's gone so far to label DKIM an "evil protocol," because of a possible exploit he has identified.
Problem is, this hack supposedly exploits a "potential hole" that is not even open, by most measures. This involves taking a legitimate message and adding another from address to that message, fooling recipients into perhaps looking at, and believing, the wrong from header. Problem is, an email message with multiple from addresses is already prohibited under the current SMTP specification (which is currently RFC5322, a descendant of RFC822). Messages composed in this manner are already heavily filtered and not trusted. It really has little to do with DKIM or email authentication.
Not only is this much ado about nothing, but I believe that Trend Micro's unwarranted hyperbole on the topic is harmful. And I'm not the only one who thinks so. Software engineer Barry Leiba calls Trend Micro's warning "severely flawed," "laughable," and "ridiculous."
Dave Crocker, the author of RFC822, many other RFCs, and longtime participant in multiple anti-abuse and standards track forums and organization, agrees. He says that "the blog's description of the facts, its premise about the requirements, and its apparent understanding of DKIM's functionality all suffer from basic flaws."
In short: Nothing to see here-- move along.
Everyone can successfully sign an email with a DKIM signature.
ReplyDeleteThe basic flaw in DKIM is that it's useless.
DKIM without a valid reputation system has no use.
That's a bit like calling the disc breaks on your car useless. By themselves, they do nothing. They have to be installed as part of a larger mechanism to do any good. The same is true of DKIM, a point which Doug Otis seems to have missed.
ReplyDeleteAl is spot on. DKIM is a piece of a complex pie. If you only know one ingredient, then you are not qualified to teach a culinary class, let alone criticize other chefs.
ReplyDeleteGotta agree with Al and Jimpop here.
ReplyDeleteMy impression of Otis's article is that he expects DKIM to do something it is not intended to do, and then sees DKIM as a failure because it does what it really is intended to do, rather than what he thinks it is supposed to do.
To extend both Al's analogy, and Otis's logic:
The entire braking system in a car brings a car to a halt at the driver's discretion, and is therefore an integral part of an anti-accident strategy.
The problem is that auto-brakes cant detect red lights and stop the car accordingly. In fact, if the driver decides to drive into a brick wall, the braking system lets him! According to Otis's logic, this would render braking systems evil.
dkim is dumb as:
ReplyDeletedkim uses a slight bit of cpu processing power
spf does the same thing and uses no extra cpu processing power