[Top] [All Lists]

Re: public key BATV isn't useful

2008-05-20 08:17:59

On May 18, 2008, at 9:40 PM, John Levine wrote:

Oh, and one final note. The document talks a bit about defining a public key BATV scheme but doesn't actually define anything.

Humor me for a moment here.

The idea of a public key BATV is so the system generating the bounce can check the signature and not even send bogus bounces. But any system that is going to DKIM sign its bounce addresses would also be able to DKIM sign its message bodies, so ADSP discardable already allows you to declare that everything is signed so don't bounce the unsigned stuff. We're talking about DSNs here, not SMTP rejects, so the system generating the bounce is going to have received the message already. This isn't a situation where you might skip the DATA in a SMTP session.

When ADSP declares messages should be signed, this will be abused with messages only appearing to be signed. After all, "Who would do that?" may have been the premise. In addition, there is not a safe means to discover ADSP policy assertions, and when verifiable DKIM signatures provide acceptance independent of domain reputation, that too will become heavily abused. Bad actors already induce billions of SMTP related transactions against by-stander domains every day. DKIM and ADSP might easily multiply these undesired transactions substantially, analogous to machine instead of hand gun drive-bys. : {

Even with elliptic, signature bits available as "spare" in the return- path may be problematic. DKIM's use of a body hash within the signature allows cryptographic checks of a DSN, even when the message body is altered. Such checking would require a modified version of DKIM verification and careful selection of headers to tease out valid signatures with a goal of reducing false positive discards. It also seems a BATV strategy would also be useful at the MUA applied to the Message-ID. Message-ID checking could be done by retaining and privately distributing hashes of Message-ID to all receivers. The BATV approach would be simpler to implement since only a pass-phrase would be required one-time from a user.


<Prev in Thread] Current Thread [Next in Thread>