RE: semantics of the signature

From: Tony Finch
Sent: Thursday, October 07, 2004 9:34 AM


<...>

(We just spent about $3000 for our annual certificate renewal, and
we are not looking forward to finding a cheaper supplier and
authenticatnig a 795-year-old organization to them).


For credibility purposes, I suggest that your certificate supplier be at
least as old as your organization :)  Also, is there any possibility of an
invite to the 800-year birthday party coming up?


William Leibzon, Jim Fenton, and I all disagreed that signatures should be
removed after verification.


I note that but wonder about the reason for it.  Isn't this authentication
supposed to be valid only for transit time?  I thought a good argument was
made that this was desirable in order to loosen the requirements on both the
cryptography and message canonicalization.

If you preserve the signatures beyond the MTA, that suggests that senders
have to provide an authentication model that will survive long-term.  This
means dealing with signatures that were valid when the message was signed,
but the (per-user) key was later revoked because the signer is no longer
associated with the domain.  It also implies some ability to survive
additional munging that takes place once the message leaves the MTA.  This
is starting to sound more like PGP or S/MIME, including a PKI and CRL's,
rather than the simpler and less secure DNS keys that can disappear one
month after the message was sent.  I haven't been involved with the charter,
so I can't say what the original goals were, but I thought the short
lifetime of these signatures was one of their defining and simplifying
characteristics.  From the user's standpoint, I don't see where that isn't
good enough for the task at hand.


The whole point of MASS is that it is not hop-by-hop.


Strongly agree.  Hop-by-hop authentication is inherently difficult to do
anything useful with, unless there is only one hop.  Since protecting
content from changes is not the main purpose, though it doesn't hurt, I
thought the main goal is to authenticate the originator's identity (however
defined) at the domain level.  Perhaps I've got this wrong?

--

Seth Goodman

<Prev in Thread]	Current Thread	[Next in Thread>
semantics of the signature, James M Galvin Re: semantics of the signature, Tony Finch Re: semantics of the signature, James M Galvin Re: semantics of the signature, James M Galvin Re: semantics of the signature, Tony Finch RE: semantics of the signature, Seth Goodman <= RE: semantics of the signature, Tony Finch RE: semantics of the signature, Seth Goodman RE: semantics of the signature, Michael Thomas RE: semantics of the signature, Seth Goodman RE: semantics of the signature, Tony Finch RE: semantics of the signature, Seth Goodman Re: semantics of the signature, Dave Crocker Re: semantics of the signature, Andrew Newton Re: semantics of the signature, Jim Fenton Re: semantics of the signature, Andrew Newton

Previous by Date:	Re: costs of different approaches, wayne
Next by Date:	RE: semantics of the signature, Tony Finch
Previous by Thread:	Re: semantics of the signature, Tony Finch
Next by Thread:	RE: semantics of the signature, Tony Finch
Indexes:	[Date] [Thread] [Top] [All Lists]