1 / 19

Policy Considerations

Policy Considerations. Phill Hallam Baker. We have a choice. Choice 1. If it works don’t break it. Choice 2. Do the job right. An Architecture. A master plan. If we have to change. Layered Architecture Reusable Policy Statements Reusable discovery strategy.

sethhill
Download Presentation

Policy Considerations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Policy Considerations Phill Hallam Baker

  2. We have a choice

  3. Choice 1

  4. If it works don’t break it

  5. Choice 2

  6. Do the job right

  7. An Architecture

  8. A master plan

  9. If we have to change • Layered Architecture • Reusable Policy Statements • Reusable discovery strategy

  10. You can’t have securitywithout security policy

  11. SSL • Should I use security? • HTTPS://

  12. S/MIME, PGP • No policy layer • Authentication has limited use

  13. STARTTLS • The best email encryption we have • Should be used 100% • Vulnerable to a downgrade attack

  14. We can fix discovery Without changing the DNS infrastructure Or waiting for it to change

  15. Three step discovery 1) policy = lookup (TXT, "_dkim.alice.example.com") IF policy <> NULL THEN RETURN policy 2) pointer = lookup (PTR, “alice.example.com") IF pointer == NULL THEN RETURN NULL 3) policy = lookup (TXT, "_dkim." + pointer) return policy To specify a wildcard use: *.example.com PTR _default.example.com

  16. Choice 1 is best

  17. Don’t boil the ocean

  18. Unless we have to

  19. Don’t end up with

More Related