
Re: [Asrg] porkhash: flexible anti-impersonation mail signatures

2003-04-02 17:53:48

Bob Atkinson said:

> I see how this sort of approach can tie a particular timestamp and
> sender_id / email address together in a MAC which can be validated, but
> I'm missing how the MAC gets coupled to a given message.
> Was such a coupling intended?

The intent is that the MAC is included in a message's headers, where an
MTA, a user's filter, a MUA, or even an end user with savvy can then
extract it and perform a verification operation.   The most recent
thinking indicated that including it in a Received header seemed to
work well, since that already can include all the info about sender_id
etc.

> If not, what's to prevent a spammer who gets his hands on one of these
> (a valid one) from then using it to send a million messages of his own
> (where of course he'll force all the other headers as necessary).

The key, as I see it, is the use of a timestamp.  Spammers who wish to
replay a valid token will then have to intercept a message with such a
token within a small window of time *after* the message was posted (and
presumably archived on a public webpage, for example).

It's reasonably trivial, modulo the usual date-stamp-decoding logic,
to compare the Date header's timestamp with the MAC's timestamp.

BTW a key point here is that the porkhash string contains *both* a
human-readable (or at least machine-readable) sender_id and timestamp, as
well as the hashed version of that data; so the recipient's validation
code also gets to make a decision about the validity of that data, as well
as the verification server.


Also -- in response to William's point about distributing keys to users'
MUAs; it's important to note that in most use-cases I would imagine the
user would *not* have to use a key in their MUA -- that would be strictly
an edge case.   Instead an injecting MTA, to which they had authenticated
access, would include it on their behalf, for example an ISP's SMTP server
which auths based on source IP address, POP-before-SMTP, or SMTP AUTH etc.

--j.
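The scheme sketched in this reply, worked through as an added example; this is not the porkhash code or its real token format. The token layout (sender_id:unixtime:base64 HMAC-SHA256), the `porkhash=` clause in the Received: header, the shared key, and the 15-minute window are all assumptions made for the demo. The verifier does the Date-vs-token comparison the reply describes and, as an extra check a practitioner would want, also compares the token's timestamp with its own clock:

```python
"""Added example, not the porkhash implementation: an HMAC over sender_id and a
timestamp, injected into a Received: header by the MTA and verified downstream."""
import base64
import hashlib
import hmac
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import format_datetime, parsedate_to_datetime

# Assumed shared key between the injecting MTA and the verifier (constructed demo value).
KEY = b"constructed-demo-key"
# Assumed policy: the token's timestamp must lie within this window of Date: and of now.
WINDOW = timedelta(minutes=15)
TOKEN_RE = re.compile(r"porkhash=([^;\s]+)")  # hypothetical Received: clause


def make_token(sender_id: str, when: datetime, key: bytes = KEY) -> str:
    """Hypothetical layout: sender_id:unixtime:base64(HMAC-SHA256(key, sender_id:unixtime)).
    Both the clear-text fields and the MAC travel together, so the verifier can judge
    the fields itself as well as check the MAC."""
    ts = int(when.timestamp())
    mac = hmac.new(key, f"{sender_id}:{ts}".encode(), hashlib.sha256).digest()
    return f"{sender_id}:{ts}:{base64.b64encode(mac).decode()}"


def inject(sender_id: str, raw_msg: str, when: datetime, key: bytes = KEY) -> str:
    """What the injecting MTA does for an authenticated client: prepend a Received:
    header that carries the token (the user's MUA never touches the key)."""
    received = (f"Received: from client.example.org by smtp.example.org with ESMTP; "
                f"porkhash={make_token(sender_id, when, key)}; {format_datetime(when)}")
    return received + "\n" + raw_msg


def verify(raw_msg: str, now: datetime, key: bytes = KEY, window: timedelta = WINDOW):
    """Return (ok, detail): extract the token, check the MAC, then check the clear-text
    timestamp against the Date: header and against the verifier's own clock."""
    msg = message_from_string(raw_msg)
    token = next((m.group(1) for h in msg.get_all("Received", [])
                  for m in [TOKEN_RE.search(h)] if m), None)
    if token is None:
        return False, "no token"
    try:
        sender_id, ts_s, mac_b64 = token.split(":")
        ts = int(ts_s)
        mac = base64.b64decode(mac_b64)
    except ValueError:
        return False, "malformed token"
    expected = hmac.new(key, f"{sender_id}:{ts}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return False, "bad MAC"
    token_time = datetime.fromtimestamp(ts, tz=timezone.utc)
    try:
        date_time = parsedate_to_datetime(msg["Date"])
    except (TypeError, ValueError):
        return False, "missing or unparseable Date"
    if date_time.tzinfo is None:  # "-0000" dates parse as naive; treat as UTC
        date_time = date_time.replace(tzinfo=timezone.utc)
    if abs(date_time - token_time) > window:
        return False, "token timestamp disagrees with Date header"
    if abs(now - token_time) > window:
        return False, "token expired (possible replay)"
    return True, sender_id


def demo() -> dict:
    """Run the thread's scenarios on a constructed message; returns {name: (ok, detail)}."""
    t0 = datetime(2003, 4, 2, 17, 53, 48, tzinfo=timezone.utc)  # constructed posting time
    original = (f"From: alice@example.org\nDate: {format_datetime(t0)}\n"
                "Subject: hello\n\nhi\n")
    signed = inject("alice@example.org", original, t0)
    week_later = t0 + timedelta(days=7)
    # A spammer replaying the archived token but re-dating the message to look current.
    redated = re.sub(r"^Date: .*$", "Date: " + format_datetime(week_later),
                     signed, count=1, flags=re.M)
    return {
        "fresh": verify(signed, now=t0 + timedelta(minutes=2)),
        "replay": verify(signed, now=week_later),            # headers intact, but stale
        "redated": verify(redated, now=week_later),          # Date no longer matches token
        "wrong_key": verify(signed, now=t0, key=b"other"),   # token minted elsewhere
        "no_token": verify(original, now=t0),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} {result}")
```

Two things the run makes visible. A replayer who rewrites the Date: header to match the token (Bob's "force all the other headers" case) passes the Date-vs-token comparison, so the example also rejects tokens older than the window by the verifier's clock; that is the check which actually enforces the "small window of time" the reply relies on. And because the token covers only sender_id and a timestamp, nothing here binds it to a message body: a token captured inside the window still validates any message carrying it until the window closes.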