Re: [Asrg] Proven solution for authenticating messages

[Prasenjeet Dutta <bulk@chaoszone.org>]

Hadmut Danisch wrote:

> - Almost the same could be achieved by simply using the
>   STARTTLS command of ESMTP. Our rackland server is configured
>   to use it, but a view on the log files shows that extremely
>   few other servers support this.
>
>   Why not simply use TLS if it already exists and is implemented? 
>   Because people refuse to use it.
It could also be because most PKI infrastructure is based on the X.509 
model, which (though scalable) requires folk needing a certificate to 
cough up cash to CAs like Verisign. Also, for secure personal 
communication (as opposed to electronic commerce), PGP has been arguably 
far more popular than S/MIME. Especially given its free, bottom-up 'web 
of trust' model, PGP may well succeed where the top-down X.509 has not.

Again, what is the goal of using TLS for email? Securing the messages? 
That opens up a new battle with the monitoring agencies. Or is it (from 
the anti-spam point of view) to let SMTP servers non-repudiably identify 
themselves? If this is the goal, then it can be done with far less 
overhead than TLS.

Digital signatures inserted by the *server* (not by the user, who should 
not have to bother with the complexity of this) to identify *itself*, 
using an  RFC 2440 infrastructure, may be more successful in making 
individual SMTP servers identifiable and accountable for what they spew 
onto the Internet. Consider this fragment:

O:  Received: from localhost by europa
O:    (Exim version 3.12 #1); Wed, 22 Jan 2003 07:10:06
O:  Origin-Server-Identity: public-key;
O:	europa.uri.com (12.10.58.222)
O:  Origin-Server-Key: <mailto:osk+europa@uri.com>
O:  Origin-Server-Signature: rfc2440; encoding=base64
O:	iQA/AwUAPi2tY1VioDO/jwwhEQIyrACg6HYQDh+ynXbfqSp+4hF3kfb6zQIAnRYN
O:	Ca1gPsBiRizLdYbtci4yVJRziQA/AwUAPi2tY1VioDO/jwwhEQIyrACg6HYQDh+y
O:	nXbfqSp+4hF3kfb6zQIAnRYNCa1gPsBiRizLdYbtci4yVJRz
O:	=1cuV
O:  Message-ID: <002b01c2c1b7$30889ab0$1c01010a@europa>

Here, the Origin-Server-Identity and Origin-Server-Key is signed and the 
signature is placed inline in the Origin-Server-Signature header. This 
signature can even be created offline as a one-time affair. The 
recipient server (or a plug-in within it) would have to compare the 
stated origin server name/IP address with the actual server name/IP 
address, and check if the key is trusted, as well as for revocation.

The best part is, given modern mail servers and their ability to run 
plug-ins, all of this is doable without any change to existing MTAs. No 
change is required to MUAs or users' email habits as well.


--
Prasenjeet Dutta
http://www.chaoszone.org/



_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg