1 / 7

Message Authentication Signature Standards (MASS) BOF

Learn about MASS BOF addressing mail identification issues, cryptographic signatures, and authorization methods. Discuss potential commonalities with MARID and representative proposals like DomainKeys and MTA Signatures. Join the discussion on signature encapsulation, key management, and more. Date: Thursday, August 5 at 9-11:30 am in Marina 2.

rmohr
Download Presentation

Message Authentication Signature Standards (MASS) BOF

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Message Authentication Signature Standards (MASS) BOF Jim Fenton <fenton@cisco.com> Nathaniel Borenstein <nborenst@us.ibm.com>

  2. MASS BOF - Motivation • Deny spammers/phishers/etc. the ability to send mis-identified mail • Authorization based on IP address is being addressed by MARID • Other approaches based on signatures in messages are out-of-scope for MARID

  3. MASS relationship to MARID • MARID: • Authorization based on IP address • Authorization records stored in DNS • Cryptographic approaches out-of-scope • MASS: • Message authentication based on cryptographic signature • Authorization of key (and often key itself) • May be stored in DNS • May be a separate server

  4. Potential commonalities between MASS and MARID • Definition of Purportedly Responsible Address (PRA) • Message marking to indicate successful/unsuccessful verification • Eventual use of accreditation infrastructure • Although what’s being accredited may differ

  5. Representative proposals • DomainKeys • draft-delany-domainkeys-core-00 • Identified Internet Mail • draft-fenton-identified-mail-00 • E-mail Postmarks • http://www.lessspam.org/EmailPostmarks.pdf • Entity-to-entity S/MIME • draft-hallambaker-entity-00 • MTA Signatures • http://www.elan.net/~william/asrg/mta_signatures.html • Bounce Address Tag Validation • http://brandenburg.com/specifications/draft-crocker-marid-batv-00-06dc.html

  6. Some potential issues • Signature encapsulation • Signatures in headers • S/MIME • Key management • Canonicalization • What’s required to avoid signature breakage? • Treatment of headers • Behavior through mailing lists

  7. Where and when? • Thursday, August 5 • 9-11:30 am (some agendas say 9:30) • Marina 2 • Mailing list: <ietf-mailsig@imc.org> • Archive at http://www.imc.org/ietf-mailsig/

More Related