I know that other similar ideas have been discussed before, so I
apologize if I'm being too redundant..
Wouldn't a system that just used public key crypto to verify messages
avoid any issues with the smtp envelope sender and forwarding?
I understand that SPF (and friends) are more geared towards authorizing
the path of a message, and not the message itself, but I think there is
some merit in combining the two..
A simple, un-intrusive hash+pubkey system could be used to verify that
messages really did come from where they appear to have come from.
The authorization could be added as a header to outgoing messages from
all mailservers allowed to send mail from that domain.
Domain owners could modify their mailservers to sign a hash of certain
parts of each message, and have that key exported via dns.
i.e. a TXT record with the base64'd pubkey available via:
<keyname>._822key.domain.tld
Another record (i.e. _822key.domain.tld) could exist to show recipients
that messages should have been signed.
The mailserver could hash a few "visible" headers along with the body,
say Date/To/From/Cc/Subject to avoid simple replay/spoofing attacks,
then insert a header into the outgoing mail like this one:
X-822sig: <hash> <pubkey> <keyname> <base64(pubkey(hash(heads+body)))>
<hash> = md5, sha1, etc.
<pubkey> = dsa1024, rsa512, etc. (specify pubkey alg and key length used)
<keyname> = the key that was used to sign the message. this keyname
could be chosen arbitrarily, as long as it never repeated.
it could be different per mailserver, per user, per hour,
per message, etc..
Any key used to sign a message would just need to remain in the dns for
at least the length of time allowed to deliver the message (>2weeks?).
The key length would only have to be strong enough to thwart an attack
on it for the length of time it remained in the dns.
An example header might look like this:
X-822sig: md5 rsa512 20040121 YTExMGZlMDdiNjE3OTlkMTRmZWU3ZjMwYjZlZGIxNj==
If the selected "visible headers" and the body aren't modified in
transit, then the message can be easily forwarded, and the message can
be verified upon receipt.
--
Thor Kooda
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡