ietf-asrg

Re: [Asrg] 3b. SMTP Verification - Reputation Systems and their Problems

2004-03-03 13:28:50
On Wed, Mar 03, 2004 at 02:37:23PM -0500, Yakov Shafranovich wrote:
> In the current world the closest approximation we have to reputation
> systems that are planned with LMAP are blacklists and Senderbase. Given
> that current blacklists have numerous problems, why would any proposed
> reputation or accreditation systems of the future be any different? How
> are we planning on avoiding the same problems we have today in the
> future, if we want to deploy such systems?

I've been doing some research into the use of STARTTLS and certificate
verification. The possibility exists for overlaying a
PKI trust model onto the email infrastructure... not just S/MIME and
PGP/GPG, but securing the message relay transmissions (MTA to MTA).

By enabling STARTTLS on any given email server (most of them support
STARTTLS), the server must have an x509 certificate, which
is either self-signed or signed by a public (or private) certificate
authority. By also configuring the mail servers to cough up the same
certificate when relaying (outbound), something approaching a whitelist
trust model can be achieved. Also, some mail servers automatically step-up
to TLS when they encounter the STARTTLS in transmission. So if the admins
are willing and able to turn on STARTTLS, and folks start using certificate
verification in their acceptance criteria, this could take off.

Here are some of the problems with the idea. 
1. Most if not all of the MTAs do not support certificate 
revocation lists (CRLs) or OCSP (although Exim will very soon).
2. The existing CAs do not sell these "types" of certificates (usually
just web server, s/mime for email and code signing).
3. The existing CAs do not fit easily into the role currently played
by the DNSBL folks. They would need to revoke certificates upon receiving
complaints from the community at large about abuse.

I don't think any of those problems are insurmountable. I haven't seen
too many folks touting this as a possible solution going forward,
either.

http://mark.foster.cc/articles/secure-email.html

I'd be interested to know what others think.
-- 
Some days it's just not worth chewing through the restraints...
Mark D. Foster, CISSP <mark(_at_)foster(_dot_)cc>  http://mark.foster.cc/
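
The acceptance decision proposed in the message above, sketched as an added example that is not part of the original post or of any MTA's code. `AcceptancePolicy`, `PeerCert`, `Verdict`, the CA name, hosts and serial numbers are all hypothetical, and treating issuer == subject as "self-signed" is a simplification. It shows why problem 1 matters: without revocation checking, a certificate the CA has already withdrawn is still treated as whitelisted.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Verdict(Enum):
    TRUSTED = "trusted"        # verified cert: treat the sender as whitelisted
    UNVERIFIED = "unverified"  # no usable cert: fall back to ordinary filtering
    REVOKED = "revoked"        # CA withdrew the cert, e.g. after abuse complaints

@dataclass(frozen=True)
class PeerCert:
    subject: str
    issuer: str
    serial: int

@dataclass
class AcceptancePolicy:
    trusted_issuers: frozenset      # CA names the receiving site accepts
    revoked: frozenset              # (issuer, serial) pairs from the CAs' CRLs
    checks_revocation: bool = True  # False models an MTA without CRL/OCSP support
    def evaluate(self, used_starttls: bool, cert: Optional[PeerCert]) -> Verdict:
        # No TLS, or no certificate offered on the relaying connection.
        if not used_starttls or cert is None:
            return Verdict.UNVERIFIED
        # Self-signed or unknown-CA certificates say nothing about the sender.
        if cert.issuer == cert.subject or cert.issuer not in self.trusted_issuers:
            return Verdict.UNVERIFIED
        if self.checks_revocation and (cert.issuer, cert.serial) in self.revoked:
            return Verdict.REVOKED
        return Verdict.TRUSTED

# Constructed sample data: the CA name, hosts and serials are made up.
CAS = frozenset({"Example Mail CA"})
CRL = frozenset({("Example Mail CA", 1002)})
GOOD = PeerCert("mx.good.example", "Example Mail CA", 1001)
ABUSER = PeerCert("mx.abuser.example", "Example Mail CA", 1002)
SELF_SIGNED = PeerCert("mx.selfsigned.example", "mx.selfsigned.example", 1)

def demo():
    with_crl = AcceptancePolicy(CAS, CRL)
    without_crl = AcceptancePolicy(CAS, CRL, checks_revocation=False)
    return {
        "good": with_crl.evaluate(True, GOOD),
        "self_signed": with_crl.evaluate(True, SELF_SIGNED),
        "plaintext": with_crl.evaluate(False, None),
        "abuser_with_crl": with_crl.evaluate(True, ABUSER),
        "abuser_without_crl": without_crl.evaluate(True, ABUSER),
    }
```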
