Presentation is loading. Please wait.

Presentation is loading. Please wait.

IETF 65, Dallas, TX1 Introduction to SSP Jim Fenton 22 March 2006.

Published byCarmel Lynch Modified over 8 years ago

Similar presentations

Presentation on theme: "IETF 65, Dallas, TX1 Introduction to SSP Jim Fenton 22 March 2006."— Presentation transcript:

1 IETF 65, Dallas, TX1 Introduction to SSP Jim Fenton 22 March 2006

2 2 IETF 65, Dallas, TX SSP – The Name Originally “Sender Signing Policy” “Sender Signing Practices” probably a better name Avoids over-use of the word “policy” More descriptive and less prescriptive – this is the intent But SSP is really correlated with Originator Address Should it be “Originator Signing Practices”?

3 3 IETF 65, Dallas, TX SSP – The Intent Suppose a verifier gets an unsigned message from example.com It would be helpful to know whether example.com normally signs their mail If it does, and this message isn’t signed, it’s “suspicious”

4 4 IETF 65, Dallas, TX Suspicious Used to describe messages that aren’t consistent with an originator’s signing practices Intentionally vague – doesn’t say anything about what to do Some legitimate messages will likely be suspicious Messages through lists that munge messages and don’t re-sign them It’s probably not good to over-react to suspicious messages Deleting them outright, without considerable experience

5 5 IETF 65, Dallas, TX Originator Address The address in the From header field i.e., the author of the message [RFC 2822 3.6.2] Not the Purported Responsible Address Absent a valid signature, there is no purported responsibility, as far as DKIM is concerned This has nothing to do with IPR issues!

6 6 IETF 65, Dallas, TX Third-Party Signatures Sometimes intermediaries modify message content Mailing lists do this a lot Some applications “legitimately” spoof addresses “Mail this article to a friend” Third-party signatures allow third parties such as these to take responsibility for the message Acceptance of arbitrary third-party signatures is arguably a huge security hole!

7 7 IETF 65, Dallas, TX Finding the SSP SSP is found using the origination address in the message example.com SSP is located at _policy._domainkey.example.com SSP lookup is not needed if a valid origination address signature is found SSP only offers information that is relevant in its absence

8 8 IETF 65, Dallas, TX SSP Policies …er… Practices* Symbol Proposed NameMeaning ~NEUTRALSigns some mail -STRONGSigns all mail !EXCLUSIVESigns all mail; third-party signatures should not be considered valid.NEVEREntity never sends mail ^USERRepeat query at user level * As of draft-allman-dkim-ssp-01

9 9 IETF 65, Dallas, TX Some SSP issues Questions about cryptic “SPF-like” syntax Suggested additional practices: “I don’t sign anything” “I don’t sign everything, but don’t accept third-party sigs” Concerns about not consulting SSP if valid OA sig Reporting address (r=) tag Localpart only (to avoid directing complaints elsewhere)? Is a reporting address even appropriate?

Download ppt "IETF 65, Dallas, TX1 Introduction to SSP Jim Fenton 22 March 2006."

Similar presentations

STUN Open Issues Jonathan Rosenberg dynamicsoft. Changes since -00 Answered UNSAF considerations –Still awaiting response from Leslie on whether they.

STUN Open Issues Jonathan Rosenberg dynamicsoft. Changes since -00 Answered UNSAF considerations –Still awaiting response from Leslie on whether they.
Dealing with Spam A CyberAngels Tutorial. Contents Introduction - What is spam? Conclusion Quick Quiz.

Dealing with Spam A CyberAngels Tutorial. Contents Introduction - What is spam? Conclusion Quick Quiz.
A New Approach of Signing Documents with Symmetric Cryptosystems and an Arbitrator Nol Premasathian Faculty of Science King Mongkut’s.

A New Approach of Signing Documents with Symmetric Cryptosystems and an Arbitrator Nol Premasathian Faculty of Science King Mongkut’s.
Downgrade Design Team Discussion Results IETF 77 DDT.

Downgrade Design Team Discussion Results IETF 77 DDT.
DKIM WG IETF-67 DKIM Originating Signing Policy Douglas Otis

DKIM WG IETF-67 DKIM Originating Signing Policy Douglas Otis
DomainKeys Identified Mail (DKIM): Introduction and Overview Eric Allman Chief Science Officer Sendmail, Inc.

DomainKeys Identified Mail (DKIM): Introduction and Overview Eric Allman Chief Science Officer Sendmail, Inc.
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
July 2008IETF 72 - NSIS1 Permission-Based Sending (PBS) NSLP: Network Traffic Authorization draft-hong-nsis-pbs-nslp-01 Se Gi Hong & Henning Schulzrinne.

July 2008IETF 72 - NSIS1 Permission-Based Sending (PBS) NSLP: Network Traffic Authorization draft-hong-nsis-pbs-nslp-01 Se Gi Hong & Henning Schulzrinne.
Examining IP Header Fields

Examining IP Header Fields
1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.

1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.
August 15 click! 1 Email Basics Kitsap Regional Library.

August 15 click! 1 Basics Kitsap Regional Library.
This is the first page of the log in, this is were you enter your unique email details.

This is the first page of the log in, this is were you enter your unique details.
DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF.

DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF.
DomainKeys Identified Mail (DKIM) D. Crocker Brandenburg InternetWorking mipassoc.org/mass  Derived from Yahoo DomainKeys and Cisco.

DomainKeys Identified Mail (DKIM) D. Crocker Brandenburg InternetWorking mipassoc.org/mass  Derived from Yahoo DomainKeys and Cisco.
November 2009 Secure Data Transmission May 2014 What are Secure Methods of Transmission? Encrypted Email Services Encrypted Memory Sticks Fax Secure.

November 2009 Secure Data Transmission May 2014 What are Secure Methods of Transmission? Encrypted Services Encrypted Memory Sticks Fax Secure.
Pilot project proposal: AffiL Affiliated domain names for trust Dave Crocker Brandenburg InternetWorking bbiw.net

Pilot project proposal: AffiL Affiliated domain names for trust Dave Crocker Brandenburg InternetWorking bbiw.net
Identity Based Email Sender Authentication for Spam Mitigation Sufian Hameed (FAST-NUCES) Tobias Kloht (University of Goetingen) Xiaoming Fu (University.

Identity Based Sender Authentication for Spam Mitigation Sufian Hameed (FAST-NUCES) Tobias Kloht (University of Goetingen) Xiaoming Fu (University.
PHISHING AND SPAM EMAIL INTRODUCTION There’s a good chance that in the past week you have received at least one email that pretends to be from your bank,

PHISHING AND SPAM INTRODUCTION There’s a good chance that in the past week you have received at least one that pretends to be from your bank,
Defending DKIM IETF 65 Threats and Strategies Douglas Otis

Defending DKIM IETF 65 Threats and Strategies Douglas Otis
DKIM Reporting Murray S. Kucherawy. The Problems to Solve Senders want to know when their brands are being violated –Mail being forged as coming from.

DKIM Reporting Murray S. Kucherawy. The Problems to Solve Senders want to know when their brands are being violated –Mail being forged as coming from.

Similar presentations

Ads by Google