raforg closed this issue 1 year ago
Also see cross-post at https://github.com/trusteddomainproject/OpenDMARC/issues/191
I don't think there are any issues mentioned in either that paper that affect specifically OpenDKIM -- in fact, the issues called out OpenDMARC with every other DKIM software, but never our own. A security community that doesn't miss a chance to issue a CVE against us (like one for the tests/ directory, seriously), hasn't pointed something out here.
Apologies if this has already been addressed, but a paper in last year's USENIX Security Symposium details 18 practical attacks against Email Sender Authentication. It's brutal. For details, see:
https://www.usenix.org/sites/default/files/composition-kills.pdf
https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
https://www.usenix.org/conference/usenixsecurity20/presentation/chen-jianjun
Any changes to OpenDKIM that could address any of these would be awesome.