From: Roger Moser
Sent: Wednesday, May 19, 2004 4:24 PM
Meng Weng Wong wrote:
Say, how would folks feel if we got rid of SRS and replaced it with a
less onerous workaround?
We don't have to get rid of SRS completely. We just have to do it already
at the sender (the domain that publishes the SPF record):
The sender signs a hash of the envelope sender (plus time stamp) by using a
private RSA key and in the SPF record publishes the public key needed to
check the signature. For example: "v=spf1 a mx ses:...public_key... -all"
meaning "all mail from us has a signed envelope sender and here is the
method to check it".
This is a really good idea and has been kicked around a bit, though not much
in this forum. I have some questions about such a PK scheme that perhaps
you can answer. First, is it feasible to create multiple private keys that
can be validated by the same public key with reasonably strong security? If
so, would it be possible when decrypting a signature to tell which private
key it was signed with? The motivation for this would be to gain the
ability to do per-user validation without having to publish a separate
public key for every user. Publishing per-user public keys would certainly
give a domain that capability, but it means publishing a list of valid local
addresses. That is something most businesses would not be happy with.
Another motivation for wanting unique per-user signing keys is that it would
permit users to send mail through foreign MSA's. In this case, the
signatures could be produced by the MUA's and can be validated by the
foreign MSA before accepting the message. However, if there is a single
private key for a whole domain, it would be too big of a security risk to
put that key on a bunch of mobile computers that will operate on foreign
networks.
Still, as a per domain validation mechanism where the signing is done only
by the originating MSA or MTA, it does solve the problem quite nicely. That
puts the onus back on ISP's to provide SMTP AUTH to allow roaming users to
send validated email. This is something they should all provide in any
case, but at least here in the U.S., there seems to be a large amount of
resistance to it.
--
Seth Goodman
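
Added example, not part of the original thread or of any SPF implementation: a sketch of the per-domain signed envelope sender discussed above, in which the originating MTA signs a hash of the address plus a time stamp and a receiver checks it using only the public half of the key. The tag layout `ses=<ts>=<sig>=<addr>`, the seven-day validity window, and the toy RSA key (built from two Mersenne primes and used without padding, so it offers no security) are assumptions made for illustration.

```python
import hashlib

# Toy RSA key from two Mersenne primes: trivially factorable, demonstration only.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                 # public half, what the SPF record would carry
D = pow(E, -1, (P - 1) * (Q - 1))   # private half, stays on the signing MTA

MAX_AGE = 7 * 24 * 3600  # assumed validity window, in seconds


def _digest(address: str, ts: int) -> int:
    """Hash of envelope sender plus time stamp, reduced below the modulus."""
    data = f"{address}|{ts}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign_sender(address: str, ts: int) -> str:
    """Sender side: return a tagged envelope sender (assumed layout)."""
    sig = pow(_digest(address, ts), D, N)
    return f"ses={ts}={sig:x}={address}"


def check_sender(tagged: str, now: int, n: int = N, e: int = E) -> str:
    """Receiver side, public key only: 'pass', 'expired' or 'fail'."""
    try:
        tag, ts_s, sig_s, address = tagged.split("=", 3)
        ts, sig = int(ts_s), int(sig_s, 16)
    except ValueError:
        return "fail"                      # untagged or malformed sender
    if tag != "ses" or not 0 <= sig < n:
        return "fail"
    if pow(sig, e, n) != _digest(address, ts):
        return "fail"                      # address or time stamp was altered
    if not 0 <= now - ts <= MAX_AGE:
        return "expired"                   # valid signature, but too old to accept
    return "pass"


if __name__ == "__main__":
    t0 = 1084976640                        # constructed time stamp
    tagged = sign_sender("roger@example.org", t0)
    print(tagged, check_sender(tagged, t0 + 3600))
```

Because the time stamp is covered by the signature, a captured tagged address stops verifying as acceptable once the window closes, and the single private key never has to leave the originating MSA or MTA.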