
Re: Why not just use S/MIME or GPG signatures?

2003-10-09 05:36:38
On Tue, Oct 07, 2003 at 01:14:47PM -0700, Matthew wrote:

      However, I have realized there might be a way to use a GPG or
S/MIME like system, either in conjunction or independently of SPF.
What I envision is not exactly what Phil described.  And I prefer to
avoid using GPG or S/MIME directly, because AFAIK both of those
technologies directly affect or change the message body.

      But what if:

      1) domain.com uses a self generated private key to sign each
message that originates at one of its MTAs.  The signature might
include: the from address, the to address, the subject of the
message, a hash of the message body (and more?).  The signature would
be added to the message as a header.

Why not just sign the message?  What you are proposing is a
reinvention of the existing ways of signing the message.  If
you reinvent a crypto protocol you will cause more code to
need to be written and you will likely get it wrong.

The signature is just an attachment to the message.  That
doesn't seem too onerous to me, and you can automate the
process at the outgoing mail server if you don't want to
inconvenience users.

      2) domain.com uses DNS TXT records to publish the URL from
which its public key(s) can be downloaded.

An alternative is to have dns records of the form:

<mime64encodedpublickey>.<ciphername>._smtp_keys.domain.com

The public key can be in the mail, the receiving SMTP server
just needs to verify that the key works and is published
by the originating domain.  This method is cacheable in the DNS
and doesn't involve having a separate web server accessible
with the associated DDOS issues.  Also, there's no per-message
updating of the DNS.

      Such a system, which operates only at the endpoints, allows
the receiving MTA to verify that signed messages are valid, no matter
how many times they have been forwarded.  This prevents forged From
headers and allows whitelisting and blacklisting at the domain level.

Yes.

      Such a system is a complement or extension of SPF, not a
replacement.

Actually, by autosigning messages at the approved outgoing SMTP
servers you can replace SPF with this system.

Advantages:

* Works for forwarded mails
* Works for users on the road who want to post with the local SMTP
  server without incurring a huge round-trip to the home server.
  (Publish the public key of the user in the DNS for their home
  domain).
* Works for mailing lists
* You can retroactively withdraw a key if an autosigning SMTP server
  is misused (e.g. through a trojaned machine behind the firewall).
  This will catch late filtering, e.g. people who check their mail
  at POP-download time.

Disadvantages:

* More load on the receiving server
* Doesn't protect against replay attacks.  Though by constantly
  rotating keys and deleting old ones after a week or so you
  can minimise this.

-- 
Erik Corry erik(_at_)arbat(_dot_)com
A: Because it messes up the order in which people normally read text.
Q: Why is top-replying such a bad thing?
A: Top-replying.
Q: What is the most annoying thing in email?
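The scheme discussed in this thread, as an added example that is not part of the original post: the outgoing MTA signs From, To, Subject and a hash of the body, carries the key and signature in a header, and the receiver checks that the key is published under a DNS name of the form Erik suggests before checking the signature. The RSA here is a constructed toy (Fermat test, no padding) so the script runs on the standard library alone; the header name `x-domain-sig`, the canonical form and the zone-as-a-set are assumptions.

```python
import base64, hashlib, random

# Toy textbook RSA, constructed only so this runs on the standard library:
# Fermat primality test, no padding, NOT fit for real use.
def generate_keypair(bits=160):
    def prime():
        while True:
            c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
            if (c - 1) % 65537 and all(pow(a, c - 1, c) == 1 for a in (2, 3, 5, 7, 11)):
                return c
    p, q = prime(), prime()
    n, e = p * q, 65537
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def dns_key_name(pub, domain):
    # <key>.<cipher>._smtp_keys.<domain>, key split into labels of at most 63 chars
    enc = base64.urlsafe_b64encode(f"{pub[0]}:{pub[1]}".encode()).decode().rstrip("=")
    labels = [enc[i:i + 63] for i in range(0, len(enc), 63)]
    return ".".join(labels) + f".rsa-sha256._smtp_keys.{domain}"

def _digest(msg):
    # Fields under the signature: From, To, Subject and a body hash (constructed canonical form)
    body = hashlib.sha256(msg["body"].encode()).hexdigest()
    canon = "\n".join([msg["from"].strip(), msg["to"].strip(), msg["subject"].strip(), body])
    return int.from_bytes(hashlib.sha256(canon.encode()).digest(), "big")

def sign(msg, pub, priv):
    # Outgoing MTA adds one header carrying the key it used and the signature.
    sig = pow(_digest(msg), priv[1], priv[0])
    msg["x-domain-sig"] = f"k={pub[0]}:{pub[1]}; s={sig}"
    return msg

def verify(msg, zone):
    # zone: simulated DNS for the sender's domain, a set of published record names.
    k, s = (field.split("=", 1)[1] for field in msg["x-domain-sig"].split("; "))
    pub = tuple(int(x) for x in k.split(":"))
    domain = msg["from"].rsplit("@", 1)[1]
    if dns_key_name(pub, domain) not in zone:
        return False  # key carried in the mail is not published by the originating domain
    return pow(int(s), pub[1], pub[0]) == _digest(msg)

if __name__ == "__main__":
    pub, priv = generate_keypair()
    zone = {dns_key_name(pub, "domain.com")}
    m = sign({"from": "alice@domain.com", "to": "bob@example.org",
              "subject": "hello", "body": "constructed body\n"}, pub, priv)
    print(verify(m, zone))   # True, regardless of how many hops forwarded it
    m["subject"] = "changed"
    print(verify(m, zone))   # False: a signed field was altered in transit
```

Withdrawing a key is simply dropping its name from the zone; every message signed with it, old or replayed, then fails verification, which is the late-filtering property and the replay caveat from the post in one mechanism.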

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/