
RE: [Asrg] porkhash: flexible anti-impersonation mail signatures



Same as with S/MIME certs - if they got hold of your key, they can pretend 
to be you.

But there is actually a way to help the situation with porkhash. Since we 
know that every time an email is received, a verification request is 
done to the origin server (and the message ID is provided too!), too many 
verification requests would signal that something may be wrong (i.e. you 
might expect 100 emails from that client, maybe 1000 if they send to a large 
email list, but 1 million - you know something is wrong). Plus 
the request can be double-checked and matched to the message ID (though that 
requires the verification server to be tied to messagetracking, just like in 
my proposal). 

I actually like this porkhash quite a bit. I'm thinking it can actually 
work best if tied to messagetracking (so instead of messagetracking being 
plaintext, we now have some crypto authentication), plus it also ties 
nicely into the opt-out system.

On Wed, 2 Apr 2003, Bob Atkinson wrote:

> I see how this sort of approach can tie a particular timestamp and
> sender_id / email address together in a MAC which can be validated, but
> I'm missing how the MAC gets coupled to a given message. 
> 
> Was such a coupling intended?
> 
> If not, what's to prevent a spammer who gets his hands on one of these
> (a valid one) from then using it to send a million messages of his own
> (where of course he'll force all the other headers as necessary).
> 
> Confused,
> 
> 	Bob
> 
> -----Original Message-----
> From: asrg-admin@ietf.org [mailto:asrg-admin@ietf.org] On Behalf Of
> Justin Mason
> Sent: Wednesday, April 02, 2003 2:09 PM
> To: asrg@ietf.org
> 
> Hi all --
> 
> [...]
> 
> From: jm
> 
> There are two entirely separate components: the SMTP part, adding the
> header; and the CGI script, validating the header.  The only data they
> need to share is the secret passphrase, so they do not even need to be
> on the same network!  Here's how that works:
> 
> - header contains:
> 
>   sender_id (usually email addr?)
>   timestamp
>   opaque_md5_sum = md5(sender_id, timestamp, secretkey)
> 
> - CGI parses header to get:
> 
>   sender_id
>   timestamp
>   opaque_md5_sum
> 
> - CGI already has:
> 
>   secretkey
> 
> - it then computes md5(sender_id, timestamp, secretkey) and compares it
>   with opaque_md5_sum.
> 
> If it matches, ok, if not, it's an invalid signature.
> 
> [...]

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
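The header scheme quoted above (sender_id, timestamp, md5 over both plus the shared secret), Bob's replay concern, and the reply's two mitigations (bind the MAC to the Message-ID and count verification requests per sender), worked through as an added example. This is not porkhash's own code and not from any poster: the header name `X-Porkhash`, the `;` separators, the length-prefixed field encoding inside the md5, the constant-time comparison, and the `OriginVerifier` class with its request counter and sent-message set are all assumptions introduced here to make the thread's points runnable.

```python
"""Toy porkhash-style header: sign, verify, replay, and the reply's fixes."""
import hashlib
import hmac
from collections import defaultdict

# Constructed shared secret: the only thing the SMTP side and the CGI share.
SECRET = b"constructed-shared-passphrase"
HEADER_NAME = "X-Porkhash"   # header name, separators, field order: assumptions


def _mac(fields, key=SECRET):
    """md5(sender_id, timestamp, secretkey) as the post describes.
    Length-prefixing each field is an added assumption so that
    ("ab", "c") and ("a", "bc") cannot produce the same digest."""
    h = hashlib.md5()
    for f in fields:
        b = f.encode("utf-8")
        h.update(len(b).to_bytes(4, "big") + b)
    h.update(key)
    return h.hexdigest()


def make_header(sender_id, timestamp, message_id=None):
    """SMTP side. With message_id=None this is the quoted scheme: the MAC
    covers only sender and timestamp. Passing the Message-ID binds the MAC
    to one message, the coupling Bob asked about (assumed variant)."""
    fields = [sender_id, str(timestamp)]
    if message_id is not None:
        fields.append(message_id)
    return f"{HEADER_NAME}: {sender_id}; {timestamp}; {_mac(fields)}"


def parse_header(header):
    """Split 'X-Porkhash: sender; timestamp; mac' into its three fields."""
    name, _, value = header.partition(":")
    if name.strip() != HEADER_NAME:
        raise ValueError("not a porkhash header")
    sender_id, timestamp, mac = (p.strip() for p in value.split(";"))
    return sender_id, timestamp, mac


def verify_header(header, message_id=None):
    """CGI side: recompute the MAC from the shared secret and compare.
    compare_digest (constant time) is an addition, not in the post."""
    sender_id, timestamp, mac = parse_header(header)
    fields = [sender_id, timestamp]
    if message_id is not None:
        fields.append(message_id)
    return hmac.compare_digest(_mac(fields), mac)


def replay_demo():
    """The replay Bob describes: one captured header reused on spam."""
    sender, ts = "alice@example.com", 1049310000
    genuine_id, spam_id = "<real-1@example.com>", "<spam-999@example.com>"
    loose = make_header(sender, ts)              # as posted: no message coupling
    bound = make_header(sender, ts, genuine_id)  # Message-ID folded into the MAC
    return {
        "loose_on_genuine": verify_header(loose),
        "loose_on_spam": verify_header(loose),   # verifier cannot tell it was copied
        "bound_on_genuine": verify_header(bound, genuine_id),
        "bound_on_spam": verify_header(bound, spam_id),
    }


class OriginVerifier:
    """The origin server's CGI with the two checks the reply proposes:
    a ceiling on verification requests per sender, and a match of the
    presented Message-ID against what this sender's MTA actually sent."""

    def __init__(self, expected_per_sender=100):
        self.limit = expected_per_sender
        self.sent = defaultdict(set)       # sender_id -> Message-IDs we handed out
        self.requests = defaultdict(int)   # sender_id -> verification requests seen

    def record_sent(self, sender_id, message_id):
        self.sent[sender_id].add(message_id)

    def handle_request(self, header, message_id):
        sender_id, _, _ = parse_header(header)
        self.requests[sender_id] += 1      # count every lookup, valid or not
        if not verify_header(header, message_id):
            return "bad-signature"
        if message_id not in self.sent[sender_id]:
            return "unknown-message"
        if self.requests[sender_id] > self.limit:
            return "over-limit"            # far more lookups than this sender's mail explains
        return "ok"


if __name__ == "__main__":
    print(replay_demo())
```

The loose header validates on the spammer's copy exactly as it does on the genuine message, since nothing in the MAC refers to the message; once the Message-ID is inside the digest the copied header fails on any other message, and the request counter gives the origin server a second, independent signal even if a key is stolen.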