Authentication Approaches
Phillip Hallam-Baker
VeriSign Inc.
Why?
Authentication + Authorization =
Access Control
Authentication
IP Address
Cryptographic
Authorization
Email Address Whitelists [alice@example.com]
Domain Whitelists [example.com]
Payment [$0.01 stamp]
How Strong is Enough?
LIST Kiddies
Like a script kiddie but they pay for the mailing list
Actually a spam victim, they get worthless service in return
SPAM Houses
Will adapt to heuristic authentication approaches
But it will cost them
PKI
Infrastructure exists to
Ensure that a party owns the purported domain name
Ensure that legal process can be served on the certificate holder
With a high (but not absolute) degree of confidence
SECURITY IS RISK CONTROL
NOT RISK ELIMINATION
Deployment Argument
Authentication Complements Filtering
Network effect, aka Chicken and Egg problem
Avoid false positives
Without creating backdoors
'Allow all mail from hotmail.com, they use rate limiting'
Allows more aggressive criteria
Cryptographic Authentication is robust
Asymmetric work factor
No viable counter-strategies
Problem - Email Insecure by Default
Downgrade attack
I can tell a signed message comes from the sender
I cannot assume an unsigned message is false
Key is to know the security policy of the domain
DNS Based Security Policy
Reverse IP lookup
Some Current Use
Only demonstrates that the IP address has been assigned
IPv4 address exhaustion will make this uninteresting
Configuration problem - servers handling thousands of domains
Many ISPs do not delegate reverse DNS as they should
'Get a new ISP' is an idiotic deployment strategy
Forward DNS
Address based authentication
RCPT From [Vixie]
Reverse MX
Pro: Lightweight, almost costless
Pro: Obsoletes most existing spamware
Con: Could be vulnerable to new spamware
Con: Some operational issues
Con: Only works if mail from domain is relayed
Generalized Security Policy
Security Policy Advertisement Mechanism
Advertise any form of security policy
ALWAYS comes from address X, Y or Z
OPTIONAL uses STARTTLS, cert root has SHA1 P
OPTIONAL uses S/MIME, cert root has SHA1 Q
OPTIONAL uses PGP, validate against XKMS R
NEVER uses NULL Authentication
Can be generalized to other protocols
IPSEC, SSH, NNTP, POP, IMAP...
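Added example (not from the slides): a receiver-side evaluator for the ALWAYS / OPTIONAL / NEVER policy lines above. The record syntax, the domain names, the fingerprint placeholder and the `msg` dictionary shape are assumptions made for this illustration; the point it shows is the downgrade problem from earlier in the deck: only a NEVER rule lets a receiver treat an unsigned message from the domain as a policy violation.

```python
from ipaddress import ip_address, ip_network

# Constructed policy text in a format that mirrors the slide's bullets;
# the syntax is an assumption made for this example, not a published one.
POLICY_RECORDS = {
    "example.com": """\
ALWAYS address 192.0.2.0/24 198.51.100.10
OPTIONAL smime root=SHA1_ROOT_Q_PLACEHOLDER
NEVER null-auth
""",
}

def parse_policy(text):
    """Turn policy lines into (keyword, method, args) tuples."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] in ("ALWAYS", "OPTIONAL", "NEVER"):
            rules.append((parts[0], parts[1], parts[2:]))
    return rules

def evaluate(domain, msg):
    """Check one inbound message against the sender domain's policy.

    msg: {"ip": str, "auth": {method: root_fingerprint}} where "auth"
    holds only the authentication methods that verified on this message."""
    text = POLICY_RECORDS.get(domain)
    if text is None:
        # Downgrade case: with no advertised policy, an unsigned message
        # cannot be judged false, exactly as the earlier slide warns.
        return ("unknown", "no policy advertised; unsigned mail is not proof of forgery")
    for keyword, method, args in parse_policy(text):
        if keyword == "ALWAYS" and method == "address":
            if not any(ip_address(msg["ip"]) in ip_network(a) for a in args):
                return ("reject", "source address not in ALWAYS list")
        elif keyword == "OPTIONAL" and method in msg["auth"]:
            expected = dict(a.split("=", 1) for a in args).get("root")
            if expected and msg["auth"][method] != expected:
                return ("reject", f"{method} root fingerprint mismatch")
        elif keyword == "NEVER" and method == "null-auth" and not msg["auth"]:
            return ("reject", "domain never sends unauthenticated mail")
    return ("accept", "complies with advertised policy")
```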
This is Just a Bug
We are going to
FIX IT