
[ietf-dkim] Pseudocode processing algorithm

2006-11-15 11:23:19
OK, this algorithm includes reputation since it's part of the decision process.

ReputationOne is a cheap lightweight reputation service that is used for 
prefiltering; reputationTwo is a more detailed one you would call only after 
you knew it was worth bothering. If you don't have either source of reputation 
then you set ReputationCut = 0 so that everything passes.

        List (Signature) : Signatures
        Sender PurportedSender
        ReputationPre (Sender)
        ReputationPost (Sender)
        Policy (Sender)
        SET {authentic, junk, compliant, notcompliant} : Outcome
        Reputation:      Reputation
        SET OF Algorithm:  Acceptable

        Reputation: ReputationCut1, ReputationCut2
        Reputation = ReputationPre (Message.PurportedSender)

        // If the sender has a bad reputation then don't even bother to do anything else.
        IF (Reputation < ReputationCut1)
                Outcome = junk

        BOOL Signed = FALSE

        FOR EACH signature sig IN Message.Signatures
                CASE Verify (sig, Message)
                        IF sig.Algorithm IN Acceptable
                                Reputation = MAX (Reputation, ReputationPost
                                IF sig.signer = Message.PurportedSender
                                        Signed = TRUE
                        // Do nothing
                        // counts as no signature
                        // counts as no signature

        // Look to see if we have enough to stop processing here
        IF ((Signed) OR (Reputation >= ReputationCut2))
                Outcome = authentic
        // Only if we have got this far do we do policy processing
        Policy = Policy (Message.PurportedSender)

        // OK here is my version of policy
        Outcome = compliant
        FOR EACH Entry e in Policy
                BOOL met = FALSE
                FOR EACH signature sig IN Message.Signatures
                        met = met OR Compliant (e, sig)
                IF (NOT met)
                        Outcome = notcompliant

I will try to clean this up somewhat but my policy processing is pretty 
straightforward. Compliant simply looks to see if the selector on the sig 
matches the selector specified in policy.

The alternative (incorrect) code would be:

        Outcome = notcompliant
        FOR EACH signature sig IN Message.Signatures
                IF Compliant (e, sig)
                        Outcome = compliant

I will try to send some worked examples and a differential use case analysis.
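
The two policy loops above, side by side, as an added example that is not part of the original post. The `Signature` and `PolicyEntry` types, the selector names and the sample messages are constructed for illustration; the signatures are assumed to have been verified already, and the alternative loop's unbound `e` is read as "any policy entry".

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    signer: str      # signing domain (hypothetical field name)
    selector: str    # selector named in the signature

@dataclass(frozen=True)
class PolicyEntry:
    selector: str    # selector the sender's policy requires

def compliant(entry, sig):
    """Per the post: the signature's selector matches the policy entry's."""
    return sig.selector == entry.selector

def policy_outcome(policy, signatures):
    """The post's version: every policy entry must be met by some signature."""
    for entry in policy:
        met = False
        for sig in signatures:
            met = met or compliant(entry, sig)
        if not met:
            return "notcompliant"
    return "compliant"

def policy_outcome_loose(policy, signatures):
    """The alternative the post calls incorrect, read here as: one signature
    matching any one entry is enough (assumption: the post leaves `e` unbound)."""
    for sig in signatures:
        if any(compliant(entry, sig) for entry in policy):
            return "compliant"
    return "notcompliant"

# Constructed sample data: the policy requires signatures under two selectors.
POLICY = [PolicyEntry("rsa2006"), PolicyEntry("ecc2006")]
MESSAGES = {
    "both selectors": [Signature("example.com", "rsa2006"),
                       Signature("example.com", "ecc2006")],
    "one selector": [Signature("example.com", "rsa2006")],
    "unsigned": [],
}

def compare():
    """Map each sample message to (post's outcome, alternative's outcome)."""
    return {name: (policy_outcome(POLICY, sigs), policy_outcome_loose(POLICY, sigs))
            for name, sigs in MESSAGES.items()}

if __name__ == "__main__":
    for name, (strict, loose) in compare().items():
        print(f"{name:15} post's version={strict:13} alternative={loose}")
```

The two loops disagree only on the message that carries one of the two required selectors: the per-entry loop reports it as notcompliant, while the per-signature loop accepts it.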

  • [ietf-dkim] Pseudocode processing algorithm, Hallam-Baker, Phillip <=