[ietf-dkim] Pseudocode processing algorithm

2006-11-15 11:23:19
OK this algorithm includes reputation since it's part of the decision process.

ReputationOne is a cheap lightweight reputation service that is used for 
prefiltering, reputationTwo is a more detailed one you would call only after 
you knew it was worth bothering. If you don't have either source of reputation 
then you set ReputationCut = 0 so that everything passes.

Inputs
        Message
                List (Signature) : Signatures
                Sender PurportedSender 
                Content
        ReputationPre (Sender)
        ReputationPost (Sender)
        Policy (Sender)
 
Outputs
        SET {authentic, junk, compliant, notcompliant} : Outcome      
        Reputation:      Reputation
        SET OF Algorithm:  Acceptable 

ControlVariables
        Reputation: ReputationCut1, ReputationCut2
 
SEQUENCE
        Reputation = ReputationPre (Message.PurportedSender)

        // If the sender has a bad reputation then don't even bother to do
        // anything else.
        IF (Reputation < ReputationCut1)
                Outcome = junk
                RETURN

        BOOL Signed = FALSE

        FOR EACH signature sig IN Message.Signatures
                CASE Verify (sig, Message)
                        PASS
                                IF sig.Algorithm IN Acceptable
                                        Reputation = MAX (Reputation, ReputationPost (sig.signer))
                                        IF sig.signer = Message.PurportedSender
                                                Signed = TRUE
                                ELSE
                                        // Do nothing
                        FAIL
                                // counts as no signature
                        UNKNOWN
                                // counts as no signature

        // Look to see if we have enough to stop processing here
        IF ((Signed) OR (Reputation >= ReputationCut2))
                Outcome = authentic
                RETURN

        // Only if we have got this far do we do policy processing
        Policy = Policy (Message.PurportedSender)

        // OK here is my version of policy
        Outcome = compliant
        FOR EACH Entry e in Policy
                BOOL met = FALSE
                FOR EACH signature sig IN Message.Signatures
                        met = met OR Compliant (e, sig)
                IF (NOT met)
                        Outcome = notcompliant


I will try to clean this up somewhat but my policy processing is pretty 
straightforward. Compliant simply looks to see if the selector on the sig 
matches the selector specified in policy.

The alternative (incorrect) code would be:

        Outcome = notcompliant
        FOR EACH signature sig IN Message.Signatures
                IF Compliant (e, sig)
                        Outcome = compliant

I will try to send some worked examples and a differential use case analysis.

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
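
The two policy loops from the message above, side by side, as an added example that is not part of the original post. The Signature class, the selector names and the sample policy are constructed for illustration, and the "incorrect" variant is wrapped in a loop over policy entries (an assumption, since the post leaves e unbound there).

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    # Hypothetical stand-in for a signature that already verified (PASS).
    signer: str
    selector: str


def compliant(entry: str, sig: Signature) -> bool:
    # Per the post: the selector on the sig matches the selector in policy.
    return sig.selector == entry


def policy_outcome(policy: list[str], sigs: list[Signature]) -> str:
    """The post's version: every policy entry must be met by some signature."""
    outcome = "compliant"
    for entry in policy:
        met = False
        for sig in sigs:
            met = met or compliant(entry, sig)
        if not met:
            outcome = "notcompliant"
    return outcome


def policy_outcome_incorrect(policy: list[str], sigs: list[Signature]) -> str:
    """The alternative the post calls incorrect: any single match is enough."""
    outcome = "notcompliant"
    for entry in policy:          # assumed outer loop; the post leaves e unbound
        for sig in sigs:
            if compliant(entry, sig):
                outcome = "compliant"
    return outcome


# Constructed sample data: a policy naming two selectors.
POLICY = ["sel-a", "sel-b"]
ONE_SIG = [Signature("example.com", "sel-a")]
BOTH_SIGS = ONE_SIG + [Signature("example.com", "sel-b")]

if __name__ == "__main__":
    for name, sigs in (("none", []), ("one", ONE_SIG), ("both", BOTH_SIGS)):
        print(name, policy_outcome(POLICY, sigs),
              policy_outcome_incorrect(POLICY, sigs))
```

With only one of the two selectors present, the post's loop reports notcompliant while the alternative reports compliant; with an empty policy the results are reversed.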
