I've now had time to create webpages for the META Signatures project and clean
up the tech documentation. All current info and documentation is now available at
http://www.metasignatures.org

There are also two mail lists set up:

  http://lists.metasignatures.org/mailman/listinfo/metasig-discuss
    for general discussions regarding the proposal and its syntax

  http://lists.metasignatures.org/mailman/listinfo/metasig-develop
    for development and implementation discussion; in particular this
    would be the mail list for those who want to get involved in the
    metasignatures sourceforge project, which has also been set up

  http://forums.metasignatues.org/
    web forum access to the same mail lists (yes, they are integrated and
    posts to the mail lists show up in the forum and the other way around).

I invite those of you who are interested to participate and in particular
I'm going to try to get started first on EDigest as that would allow testing
how well signatures can survive in a real mail environment (and the actual
signature crypto stuff should then be easy to add and it is well known to
work anyway; for authorization I expect to focus on x509 and/or DNS
fingerprints). Note though, that META Signatures is actually just a small
part of a much larger email system proposal which I've started trying to
describe directly as internet drafts, and those drafts may be taking a lot
of my time for the next 2-4 months, which will cut into the time I can spare
for programming.

For the technical spec, the most current one can be found at
http://www.metasignatures.org/meta_signatures_v018.htm
I've cleaned up small grammar errors and also made some style changes so
it would be easier to read. There have also been a number of technical
changes since the last time I posted about meta signatures here. Here is
a brief list of some of the changes:

1. META-Auth headers now use URL syntax for location information:

     META-Auth: s=x509 u="http://_certs.example.com/filename1.cer"
     META-Auth: s=kr-dns u="dns:WDQGpekHKCmKyKWk._krs.example.com&TYPE=KR"
     META-Auth: s=pk-dktxt u="dns:_key1._dk.example.com?type=TXT"
     META-Auth: s=pgp u="http://pgp.example.net:11371/pks/" m=pgpmime-signature

2. The EDigest header has several new additions allowing headers from a
   mime part to be added and to be more specific about how the hash is
   created, including listing specific mime parts in order

3. For reporting results of the verification, the Authentication-Results
   header is used, with some additions to how it was specified in the draft

4. For dns authorization it's proposed to use a new DNS RR for fingerprint
   data but with it having exactly the same format as the SSHFP RR described
   at http://www.ietf.org/internet-drafts/draft-ietf-secsh-dns-05.txt.
   An example of this for a dns zone is something like (Note: MASFP stands
   for MAil Signature Fingerprint)

     fp1._fp.example.com IN MASFP 1 1 123456789abcdef67890123456789abc

---
William Leibzon, Elan Networks:
mailto: william(_at_)elan(_dot_)net
Anti-Spam and Email Security Research Worksite:
http://www.elan.net/~william/emailsecurity/
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
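
Added example, not part of the original post or of the META Signatures project's code: a strict parser and matcher for the MASFP record described in item 4, reading its fields the way SSHFP defines them (fingerprint type 1 = SHA-1). The post does not say which key or certificate bytes are hashed, so `key_bytes`, `SAMPLE_KEY` and the function names are assumptions; the sample record in the post has 32 hex digits, so the 20-byte SHA-1 length check rejects it.

```python
import hashlib
import hmac

# MASFP is the RR proposed in the post; its fields are read here like SSHFP:
# <algorithm> <fingerprint type> <hex fingerprint>, with type 1 meaning SHA-1.
DIGESTS = {1: ("sha1", 20)}
PAGE_RECORD = "fp1._fp.example.com IN MASFP 1 1 123456789abcdef67890123456789abc"
SAMPLE_KEY = b"constructed public key bytes, not a real key"  # assumption

def parse_masfp(line):
    """Parse 'owner IN MASFP alg fptype hex...' and validate the fingerprint."""
    parts = line.split()
    if len(parts) < 6 or parts[1].upper() != "IN" or parts[2].upper() != "MASFP":
        raise ValueError("not a MASFP record")
    alg, fptype = int(parts[3]), int(parts[4])
    if fptype not in DIGESTS:
        raise ValueError("unsupported fingerprint type %d" % fptype)
    name, size = DIGESTS[fptype]
    fp = bytes.fromhex("".join(parts[5:]))  # hex may be split across tokens
    if len(fp) != size:
        raise ValueError("%s fingerprint must be %d bytes, got %d"
                         % (name, size, len(fp)))
    return {"owner": parts[0].rstrip(".").lower(), "algorithm": alg,
            "digest": name, "fingerprint": fp}

def make_masfp(owner, key_bytes, alg=1):
    """Build a type-1 record line for key_bytes (what a zone would publish)."""
    return "%s IN MASFP %d 1 %s" % (owner, alg, hashlib.sha1(key_bytes).hexdigest())

def key_matches(record, key_bytes):
    """True if key_bytes hashes to the published fingerprint (constant time)."""
    digest = hashlib.new(record["digest"], key_bytes).digest()
    return hmac.compare_digest(digest, record["fingerprint"])

if __name__ == "__main__":
    rec = parse_masfp(make_masfp("fp1._fp.example.com", SAMPLE_KEY))
    print("published key:", key_matches(rec, SAMPLE_KEY))
    print("different key:", key_matches(rec, SAMPLE_KEY + b"x"))
    try:
        parse_masfp(PAGE_RECORD)
    except ValueError as err:
        print("post's sample record:", err)
```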