Explain why a DNS cache poisoning attack can compromise DKIM but not S/MIME. Describe how DKIM could be modified to defend against DNS-based attacks.
What will be an ideal response?
In DKIM, the public key of the sending MTA is obtained via a DNS lookup. Thus, a DNS cache poisoning attack will compromise DKIM, since an attacker can forge a message and its signature by replacing the public key of the legitimate sending MTA with his own public key and signing the forged message with his private key. S/MIME is immune to DNS cache poisoning attacks since it assumes that the public key of the sender is transmitted to the recipient through a secure channel or signed by a party trusted by the recipient.
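
The difference in trust models described above, as an added example that is not part of the original answer: a verifier that takes its key from a resolver cache accepts a forged message once the cached record is swapped, while a verifier using a locally trusted key rejects it. The toy textbook RSA (not secure), the selector `s1`, the domain `example.com`, the address `alice@example.com` and the dictionaries standing in for the resolver cache and trust store are all constructed assumptions.

```python
import hashlib

# Toy textbook RSA over Mersenne primes: enough to show the trust model, not secure.
def make_key(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, priv):
    n, d = priv
    return pow(digest(msg, n), d, n)

def verify(msg, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)

def dkim_verify(msg, sig, selector, domain, resolver_cache):
    # DKIM model: the verification key is whatever the resolver returns.
    pub = resolver_cache.get(f"{selector}._domainkey.{domain}")
    return pub is not None and verify(msg, sig, pub)

def smime_verify(msg, sig, sender, trust_store):
    # S/MIME model: key arrived over a secure channel or via a trusted signer; no DNS.
    pub = trust_store.get(sender)
    return pub is not None and verify(msg, sig, pub)

def run_demo():
    mta_pub, mta_priv = make_key(2**61 - 1, 2**89 - 1)        # legitimate sending MTA
    rogue_pub, rogue_priv = make_key(2**107 - 1, 2**127 - 1)  # forger's own key pair
    name = "s1._domainkey.example.com"                        # constructed selector/domain
    clean, poisoned = {name: mta_pub}, {name: rogue_pub}      # cache before/after poisoning
    trust_store = {"alice@example.com": mta_pub}              # constructed recipient store
    genuine, forged = b"genuine body", b"forged body"
    forged_sig = sign(forged, rogue_priv)
    return {
        "dkim_genuine_clean": dkim_verify(genuine, sign(genuine, mta_priv), "s1", "example.com", clean),
        "dkim_forged_clean": dkim_verify(forged, forged_sig, "s1", "example.com", clean),
        "dkim_forged_poisoned": dkim_verify(forged, forged_sig, "s1", "example.com", poisoned),
        "smime_forged": smime_verify(forged, forged_sig, "alice@example.com", trust_store),
    }

if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```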