
Re: [Asrg] E-mail Postmarks



On Tue, 8 Jun 2004, Eric A. Hall wrote:

On 6/7/2004 11:12 PM, John Levine wrote:

Oh, OK, it's modified S/MIME with domain rather than individual
signatures.  That's a reasonable idea that's come up from time
to time before.

Any thoughts about how the verification keys might be distributed?

Back-channel ESMTP verb is my preference. It's the same level of reliability as any other channel. Also, it makes the cost of publishing the key data equal to the cost of retrieving it, which is an important piece of symmetry imo -- most other models put all of the punishment (caching, blocking, etc) on the retrieval side, but all the benefits go for the publisher, which punishes deployment.

There is a problem with that approach. If you let the public key be distributed as part of the same SMTP session as the email itself, it actually means nothing.
The reason is that I can't trust your public key to really be for your
organization just because you say so at the time I'm talking to you. For example, I could use openssl and easily create a self-signed certificate
claiming to be aol.com; then if I use it in an email session and provide the public key as part of the process, the other side might actually believe
I'm aol.com.


To be of any use, crypto-signature-based email security proposals must provide
a way to retrieve public keys based on the CN (common name) or a similar
identity name that is part of the cryptographic signature. It's possible
to do this by making the key available in DNS, or by using DNS as a pointer to the correct service that holds these keys, or it's even possible to do it by creating a new SMTP command and requiring the recipient site to do an SMTP callback
to verify the signature.


But I don't think we'll gain much by extending SMTP to handle such a callback system for retrieval of public keys; in such a case I think it's better to just work on a new protocol, since it can possibly be of use for protocols other than SMTP. I can however mention that an SMTP callback for certificate retrieval may have a small advantage in how it may allow for DNS wildcard support (see latest MARID discussions), but it's somewhat complicated to get it done right, nor is it really a good place for such records, as incoming mail servers often differ from outgoing.

---
William Leibzon
william at completewhois.com

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
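
The trust problem raised in the message above, as an added example that is not part of the original post: a verifier that checks a signature against the key presented in the same session accepts any self-generated key, while one that looks the key up by the claimed domain does not. The textbook-RSA toy (fixed primes, no padding, not secure), the `PUBLISHED_KEYS` table standing in for DNS or a key service, and all function names are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def toy_keypair(p, q):
    """Textbook RSA from two fixed primes. Toy only: no padding, tiny keys."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return n, d  # (public modulus, private exponent)

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, n, d):
    return pow(digest(msg, n), d, n)

def verify(msg, sig, n):
    return pow(sig, E, n) == digest(msg, n)

# Key the real domain published out of band (hypothetical directory,
# standing in for a DNS record or a separate key-retrieval service).
LEGIT_N, LEGIT_D = toy_keypair(2**89 - 1, 2**107 - 1)
PUBLISHED_KEYS = {"example.com": LEGIT_N}

def accept_in_band(claimed_domain, msg, sig, presented_n):
    # Weak: trusts whatever key the peer hands over in the same session,
    # so claimed_domain is never actually tied to the key.
    return verify(msg, sig, presented_n)

def accept_out_of_band(claimed_domain, msg, sig, presented_n=None):
    # Ignores the presented key; retrieves it by the identity being claimed.
    n = PUBLISHED_KEYS.get(claimed_domain)
    return n is not None and verify(msg, sig, n)

def demo():
    msg = b"From: someone@example.com\r\n\r\nhello"  # constructed sample
    # A self-generated key with no relation to example.com.
    other_n, other_d = toy_keypair(2**61 - 1, 2**127 - 1)
    self_signed = sign(msg, other_n, other_d)
    genuine = sign(msg, LEGIT_N, LEGIT_D)
    return {
        "in_band_accepts_impostor":
            accept_in_band("example.com", msg, self_signed, other_n),
        "out_of_band_accepts_impostor":
            accept_out_of_band("example.com", msg, self_signed, other_n),
        "out_of_band_accepts_genuine":
            accept_out_of_band("example.com", msg, genuine),
    }

if __name__ == "__main__":
    print(demo())
```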