Can the ID command be trusted ?
2005-05-21 09:38:46
I gave what I thought was a simple valid answer to this question, and the
answer was ignored. Here is a second simple answer to the question. Sorry
to be a pain, but this is an important question, raised by several people,
and we never seem to get to a conclusion. I suspect we will not reach a
conclusion here, but I would like to get at least a clear summary of the
objection so that I can include it with the draft when it goes to the
IESG. I cannot write this summary myself, because quite honestly, I don't
understand the objection.
To recall the context, we are talking about an incoming email that looks
like this:
EHLO mailserver7.bigforwarder.com
ID bigforwarder.com
MAIL FROM:<bob(_at_)sales(_dot_)some-company(_dot_)com>
Then what's to prevent a forger from saying:
ID BillGates.microsoft.com
Any identity is insecure until there is some protocol for verifying it.
Every IP-authentication method has the problem what to do about
forwarders. We need an ID that can be used to authenticate each forwarder,
but SMTP has no such parameter. Different methods have solved this problem
in different ways.
Sender ID has added a SUBMITTER parameter:
MAIL FROM:<bob(_at_)sales(_dot_)some-company(_dot_)com>
SUBMITTER=bigforwarder.com
SPF uses SRS to "rewrite" the MAIL FROM command:
MAIL FROM:<bob#sales(_dot_)some-company(_dot_)com(_at_)bigforwarder(_dot_)com>
Neither of these can serve as a neutral ID declaration, due to restrictions
in each specification. SUBMITTER must be used with Sender ID and SRS must
be used with SPF.
All information in SMTP commands can be forged. Any ID must be
authenticated, whether it is provided as a SUBMITTER value, embedded in the
MAIL FROM command, or provided in a separate command. There is no
difference in the security of one syntax versus another.
It is the ID owner's responsibility to provide DNS authentication records
appropriate for its chosen authentication methods. If SUBMITTER is to be
supported, then Sender ID records must be provided. If SRS is to be
supported, then SPF records must be provided. If the ID command is to be
supported, then records must be provided for at least one method the
receiver has installed. The ID command provides the same information as
the alternatives, but without the restriction that it must be used with
only one authentication method.
For example, if a query to _AUTH.<ID> (or whatever is the neutral location)
shows only SPF records are provided, then the receiver must run an SPF
check, using the ID as if it had been provided by the SRS syntax. If only
Sender ID records are provided, then the ID must be treated as if it had
been provided using the SUBMITTER syntax. If only CSV records are
provided, then the EHLO identity must be checked exactly as required by
that method. If records are provided supporting different methods, then
the receiver may have some flexibility in choosing which method to apply.
--
Dave
************************************************************ *
* David MacQuigg, PhD email: david_macquigg at yahoo.com * *
* IC Design Engineer phone: USA 520-721-4583 * * *
* Analog Design Methodologies * * *
* 9320 East Mikelyn Lane * * *
* VRS Consulting, P.C. Tucson, Arizona 85710 *
************************************************************ *
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: Avoiding the DNS Hunt, (continued)
- Re: Avoiding the DNS Hunt, Stuart D. Gathman
- Is the ID command hearsay ?, David MacQuigg
- Re: Is the ID command hearsay ?, Stuart D. Gathman
- Re: Is the ID command hearsay ?, David MacQuigg
- Can the ID command be trusted ?,
David MacQuigg <=
- Re: Can the ID command be trusted ?, Frank Ellermann
- Alternative Neutral IDs, David MacQuigg
- Re: Alternative Neutral IDs, Frank Ellermann
- Re: Avoiding the DNS Hunt, Julian Mehnle
- Re: Avoiding the DNS Hunt, David MacQuigg
- Re: Avoiding the DNS Hunt, Alex van den Bogaerdt
- Re: Avoiding the DNS Hunt, Julian Mehnle
- Re: Avoiding the DNS Hunt, David MacQuigg
- Re: Avoiding the DNS Hunt, Julian Mehnle
- Re: Avoiding the DNS Hunt, David MacQuigg
|
|
|