|
Re: public key BATV isn't useful
2008-05-20 08:17:59
On May 18, 2008, at 9:40 PM, John Levine wrote:
Oh, and one final note. The document talks a bit about defining a
public key BATV scheme but doesn't actually define anything.
Humor me for a moment here.
The idea of a public key BATV is so the system generating the bounce
can check the signature and not even send bogus bounces. But any
system that is going to DKIM sign its bounce addresses would also be
able to DKIM sign its message bodies, so ADSP discardable already
allows you to declare that everything is signed so don't bounce the
unsigned stuff. We're talking about DSNs here, not SMTP rejects, so
the system generating the bounce is going to have received the
message already. This isn't a situation where you might skip the
DATA in a SMTP session.
When ADSP declares messages should be signed, this will be abused with
messages only appearing to be signed. After all, "Who would do that?"
may have been the premise. In addition, there is not a safe means to
discover ADSP policy assertions, and when verifiable DKIM signatures
provide acceptance independent of domain reputation, that too will
become heavily abused. Bad actors already induce billions of SMTP
related transactions against by-stander domains every day. DKIM and
ADSP might easily multiply these undesired transactions substantially,
analogous to machine instead of hand gun drive-bys. : {
Even with elliptic, signature bits available as "spare" in the return-
path may be problematic. DKIM's use of a body hash within the
signature allows cryptographic checks of a DSN, even when the message
body is altered. Such checking would require a modified version of
DKIM verification and careful selection of headers to tease out valid
signatures with a goal of reducing false positive discards. It also
seems a BATV strategy would also be useful at the MUA applied to the
Message-ID. Message-ID checking could be done by retaining and
privately distributing hashes of Message-ID to all receivers. The
BATV approach would be simpler to implement since only a pass-phrase
would be required one-time from a user.
-Doug
| <Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: private key BATV is useful, (continued)
- Re: public key BATV isn't useful, Tony Hansen
- Re: public key BATV isn't useful, Paul Smith
- Re: public key BATV isn't useful, Dave Crocker
- Re: public key BATV isn't useful, Paul Smith
- Re: public key BATV isn't useful, Paul Smith
- Re: public key BATV isn't useful,
Douglas Otis <=
- Re: BATV pseudo-Last Call, Alessandro Vesely
- Re: BATV pseudo-Last Call, John Levine
- Re: BATV pseudo-Last Call, Frank Ellermann
- Re: BATV pseudo-Last Call, ned+ietf-smtp
- Re: BATV pseudo-Last Call, Dave Crocker
- Re: BATV pseudo-Last Call, ned+ietf-smtp
- Re: BATV pseudo-Last Call, Dave Crocker
- Re: BATV pseudo-Last Call, John Levine
- Re: BATV pseudo-Last Call, Tony Hansen
- Re: BATV pseudo-Last Call, Alessandro Vesely
|
|
|