[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Asrg] Identified Mail draft

To: "Robert Rounthwaite" <robertro at exchange.microsoft.com>, <asrg at ietf.org>
Subject: RE: [Asrg] Identified Mail draft
From: Jim Fenton <fenton at cisco.com>
Date: Wed, 09 Jun 2004 21:55:44 -0700
In-reply-to: <14E20014EE879243A1A829B0620DBD8913A90A@DF-CLIFFORD-MSG.exc hange.corp.microsoft.com>
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-bounces at ietf.org

At 09:17 PM 6/9/2004 -0700, Robert Rounthwaite wrote:
>What value do you perceive in including the key in the message? Surely the domain-level verification is useless without the query to the originating domain? 
> 
>The only case in which I can see this as useful is when the signature is user-level and serves only to identify future mailings purporting to be from the same address as being from the same person. 

The main advantage is, as you point out, somewhat of an optimization.  By including the public key in the message, it's possible to check the signature integrity (is the signature correct given this message and this public key?) independently of the query to the originating domain's KRS (or the local cache) to see if the key is valid for this email address.  Potentially the KRS query could be eliminated entirely if the signature integrity check fails.

Even if the signature is at user-level, it does not identify mailings as being from the same person.  Registration of keys is entirely under control of the domain administrator, so there's nothing that guarantees that a private user-level key is actually under control of the user.

Since this (and similar) schemes are not entirely cryptographically-secure because they fundamentally depend on DNS, I have also been concerned about the risks associated with users depending on these signatures inappropriately, i.e. to authenticate financial transactions.  To a small extent, including the key in the message may emphasize that we are authenticating the message and checking its authorization, rather than authenticating the sender him/herself.  But that is a fine point.

> 
>But that would lead, IMO, to a public key optionally included in the message -- I don't see much benefit in being able to make the domain-level signature check without having talked to the domain owner first -- and including the key with every outgoing mail message from a large domain seems wasteful just to support what seems at best a minor optimization. But maybe I'm missing something...

You need to get the key somehow, either in the message or distributed independently.  If the key isn't in the message, a key identifier needs to be included (I think DomainKeys would call this a "selector").  Including the key in the message makes the message longer but considerably relieves the caching requirements for the key authorization (since you now need to cache only the key fingerprint and not the key itself).  It's not obvious to me that including the key in the message is wasteful.

-Jim

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Prev by Date: RE: [Asrg] Identified Mail draft
Next by Date: Re: FW: [Asrg] Subgroup on reputation and accreditation
Previous by thread: RE: [Asrg] Identified Mail draft
Next by thread: [Asrg] Mailfragments
Index(es):
- Date
- Thread