spf-discuss
[Top] [All Lists]

RE: let's get rid of SRS

2004-05-19 20:48:18
On Wednesday May 19, sethg(_at_)GoodmanAssociates(_dot_)com wrote:
The sender signs a hash of the envelope sender (plus time stamp)
by using a
private RSA key and in the SPF record publishs the pulic key
needed to check
the signature. For example: "v=spf1 a mx ses:...public_key...
-all" meaning
"all mail from us has a signed envelope sender and here is the method to
check it".

This is a really good idea and has been kicked around a bit, though not much
in this forum.  I have some questions about such a PK scheme that perhaps
you can answer.  First, is it feasible to create multiple private keys that
can be validated by the same public key with reasonably strong security?  If
so, would it be possible when decrypting a signature to tell which private
key it was signed with?  The motivation for this would be to gain the
ability to do per-user validation without having to publish a separate
public key for every user.  Publishing per-user public keys would certainly
give a domain that capability, but it means publishing a list of valid local
addresses.  That is something most businesses would not be happy with.

This should be quite practical using SSL certificates (or are they
X.500 or something?? anyway, the certificates that openssl generates).

You create your own key-signing certificate and give a personal
certificate to any user who wants one.

When you get a "STARTTLS" SMTP request, you do an SPF lookup on the
domain in EHLO and see if they advertise a certificate:
   .... cert=https://%d/STMPCERT.crt ...
or whatever.
You collect that certificate (if you don't have it cached already),
and then proceeded with the SSL handshake using the received
certificate as your trust base.  If SSL tells you that the client
provided a trusted certificate, you know it was signed by that
domain.  You get the CommonName out of the certificate and....

here comes the tricky bit.
Do you require the return-path to match the certificate?
Or require the sender:, or in it's absence the From: to match the
certificate?
Or do you replace any Sender: with the name from the certificate
unless it matches the from?
Do you allow wildcard matching (so that multiple VERPed return-paths
can be authenticated with the one certificate).

I think this would be a good alternative for roaming users.

NeilBrown


<Prev in Thread] Current Thread [Next in Thread>