IETF 65, Dallas, TX1 Introduction to SSP Jim Fenton 22 March 2006.

Slides:

Advertisements

Similar presentations

STUN Open Issues Jonathan Rosenberg dynamicsoft. Changes since -00 Answered UNSAF considerations –Still awaiting response from Leslie on whether they.

Advertisements

Dealing with Spam A CyberAngels Tutorial. Contents Introduction - What is spam? Conclusion Quick Quiz.

A New Approach of Signing Documents with Symmetric Cryptosystems and an Arbitrator Nol Premasathian Faculty of Science King Mongkut’s.

Downgrade Design Team Discussion Results IETF 77 DDT.

DKIM WG IETF-67 DKIM Originating Signing Policy Douglas Otis

DomainKeys Identified Mail (DKIM): Introduction and Overview Eric Allman Chief Science Officer Sendmail, Inc.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

July 2008IETF 72 - NSIS1 Permission-Based Sending (PBS) NSLP: Network Traffic Authorization draft-hong-nsis-pbs-nslp-01 Se Gi Hong & Henning Schulzrinne.

Examining IP Header Fields

1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.

August 15 click! 1 Basics Kitsap Regional Library.

This is the first page of the log in, this is were you enter your unique details.

DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF.

DomainKeys Identified Mail (DKIM) D. Crocker Brandenburg InternetWorking mipassoc.org/mass  Derived from Yahoo DomainKeys and Cisco.

November 2009 Secure Data Transmission May 2014 What are Secure Methods of Transmission? Encrypted Services Encrypted Memory Sticks Fax Secure.

Pilot project proposal: AffiL Affiliated domain names for trust Dave Crocker Brandenburg InternetWorking bbiw.net

Identity Based Sender Authentication for Spam Mitigation Sufian Hameed (FAST-NUCES) Tobias Kloht (University of Goetingen) Xiaoming Fu (University.

PHISHING AND SPAM INTRODUCTION There’s a good chance that in the past week you have received at least one that pretends to be from your bank,

Defending DKIM IETF 65 Threats and Strategies Douglas Otis

DKIM Reporting Murray S. Kucherawy. The Problems to Solve Senders want to know when their brands are being violated –Mail being forged as coming from.

WB Carbon Finance Project Cycle and Role of Key Players Introduction to Carbon Finance March 10, 2004.

Message Authentication Signature Standards (MASS) BOF Jim Fenton Nathaniel Borenstein.

MASS / DKIM BOF IETF – Paris 4 Août 2005 dkim.org  mipassoc.org/mass IETF – Paris 4 Août 2005 dkim.org  mipassoc.org/mass MIPA.

Explicit Subscriptions for REFER draft-sparks-sipcore-refer-explicit-subscription-00 SIPCORE – IETF90 Robert Sparks.

SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.

Ethics in Computers. Top 12 Ways to Protect Your Online Privacy 1) Do not reveal personal information inadvertently 2) Turn on cookie notices in your.

It’s a Big Deal. ‘It’s a Big Deal’  If a photo is sent to you, do not send it to other people.  If you receive a photo from someone you.

NDSU Lunchbytes "Are They Really Who They Say They Are?" Digital or Electronic Signature Information Rick Johnson, Theresa Semmens, Lorna Olsen April 24,

SPF/Sender-ID DNS & DDoS Threats Operations Analysis and Research Center for the Internet Douglas Otis November 3, 2007

Responsible Submitter An SMTP Service Extension IETF 60 San Diego, CA Harry Katz Microsoft Corp. 8/4/2004.

Georgios Kontaxis‡, Michalis Polychronakis‡, Angelos D. Keromytis‡, and Evangelos P.Markatos* ‡Columbia University and *FORTH-ICS USENIX-SEC (August, 2012)

ETIQUETTE BY MICHAEL TOLLEY. INCLUDE A CLEAR, DIRECT SUBJECT LINE. Examples of a good subject line include "Meeting date changed," "Quick question.

IETF-64 DKIM BoF BoF Chairs Stephen Farrell Barry Leiba Domain Keys Identified Mail draft charter, mailing.

SPF/Sender-ID DNS & DDoS Threats Internet Security Operations and Intelligence II Douglas Otis

Data Manipulation Jonathan Rosenberg dynamicsoft.

1 IETF 88 (Vancouver) November 6, 2013 Cullen Jennings V3.

RUCUS - IETF 71 1 Lessons Learned From IETF Antispam Work Jim Fenton.

CGA Extension Header for IPv6 draft-dong-savi-cga-header-03.txt Margaret Wasserman IETF 78, Maastricht July 2010.

MODULE 17 COMMUNICATION “Listening can be the key to understanding” What is communication and when is it effective? How can we improve communication with.

Mar 20, 2005IETF65 PANA WG Requirements for PANA support of location based services draft-anjum-pana-location-requirements-00.txt F. Anjum D. Famolari.

Serving the Public. Regulating the Profession. CANADA’S ANTI-SPAM LEGISLATION (CASL) Training for Chapters Based on Guidelines for Chapters First published.

“ Etiquette” By Keith C. Ivey Presentation by Allison Lange.

Role Of Network IDS in Network Perimeter Defense.

SIP Events: Changes and Open Issues IETF 50 / SIP Working Group Adam Roach

DKIM Policy Proposals. 3 Proposals ‘A La Carte’ Discovery Mechanism RISC Policy Description –Its (almost) all in the Key Records RISC Policy Description.

Trust Anchor Update Requirements for DNSSEC Russ Mundy for the editors Steve Crocker, Howard Eland, Russ Mundy.

Receipt Token Profile for Web Services Eric Gravengaard Reactivity.

ADDRESS INTERNATIONALIZATION ( EAI ) ICANN-55 Mar 06, 2016 TF-AIDN Member 35+ Min : 10- Min ( Q & A )

BGP Validation Russ White Rule11.us.

Can MAAWG bring a coherent view to the goals of SSP? MAAWG Toronto, 2006 D. Crocker Brandenburg InternetWorking bbiw.net.

 Introduction  History  What is Digital Signature  Why Digital Signature  Basic Requirements  How the Technology Works  Approaches.

SIP wg Items Jonathan Rosenberg dynamicsoft Caller Preferences: Changes Discussion of Redirects –Previous draft only proxy –Nothing different for redirect.

Internet Safety How to stay safe online.

Jonathan Rosenberg dynamicsoft

How do Web Applications Work?

Other DKIM-Related Drafts

Web Page Elements Writing For the Web

sip-identity-04 Added new response codes for various conditions

Whether you decide to use hidden frames or XMLHttp, there are several things you'll need to consider when building an Ajax application. Expanding the role.

Verstat Related Best Practices

What is Cookie? Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve.

Pooja programmer,cse department

RFC PASSporT Construction 6.2 Verifier Behavior

RFC PASSporT Construction 6.2 Verifier Behavior

Lecture 4 - Cryptography

Business Correspondence

STIR WG IETF-100 PASSPorT Extension for Resource-Priority Authorization (draft-ietf-stir-rph-01) November, 2017 Ray P. Singh, Martin Dolly, Subir Das,

9 ways to avoid viruses and spyware

STIR WG IETF-99 PASSPorT Extension for Resource-Priority Authorization (draft-ietf-stir-rph-00) July, 2017 Ray P. Singh, Martin Dolly, Subir Das, and An.

MASS BOF IETF63, Paris 4 August 2005

Presentation transcript:

IETF 65, Dallas, TX1 Introduction to SSP Jim Fenton 22 March 2006

2 IETF 65, Dallas, TX SSP – The Name Originally “Sender Signing Policy” “Sender Signing Practices” probably a better name Avoids over-use of the word “policy” More descriptive and less prescriptive – this is the intent But SSP is really correlated with Originator Address Should it be “Originator Signing Practices”?

3 IETF 65, Dallas, TX SSP – The Intent Suppose a verifier gets an unsigned message from example.com It would be helpful to know whether example.com normally signs their mail If it does, and this message isn’t signed, it’s “suspicious”

4 IETF 65, Dallas, TX Suspicious Used to describe messages that aren’t consistent with an originator’s signing practices Intentionally vague – doesn’t say anything about what to do Some legitimate messages will likely be suspicious Messages through lists that munge messages and don’t re-sign them It’s probably not good to over-react to suspicious messages Deleting them outright, without considerable experience

5 IETF 65, Dallas, TX Originator Address The address in the From header field i.e., the author of the message [RFC ] Not the Purported Responsible Address Absent a valid signature, there is no purported responsibility, as far as DKIM is concerned This has nothing to do with IPR issues!

6 IETF 65, Dallas, TX Third-Party Signatures Sometimes intermediaries modify message content Mailing lists do this a lot Some applications “legitimately” spoof addresses “Mail this article to a friend” Third-party signatures allow third parties such as these to take responsibility for the message Acceptance of arbitrary third-party signatures is arguably a huge security hole!

7 IETF 65, Dallas, TX Finding the SSP SSP is found using the origination address in the message example.com SSP is located at _policy._domainkey.example.com SSP lookup is not needed if a valid origination address signature is found SSP only offers information that is relevant in its absence

8 IETF 65, Dallas, TX SSP Policies …er… Practices* Symbol Proposed NameMeaning ~NEUTRALSigns some mail -STRONGSigns all mail !EXCLUSIVESigns all mail; third-party signatures should not be considered valid.NEVEREntity never sends mail ^USERRepeat query at user level * As of draft-allman-dkim-ssp-01

9 IETF 65, Dallas, TX Some SSP issues Questions about cryptic “SPF-like” syntax Suggested additional practices: “I don’t sign anything” “I don’t sign everything, but don’t accept third-party sigs” Concerns about not consulting SSP if valid OA sig Reporting address (r=) tag Localpart only (to avoid directing complaints elsewhere)? Is a reporting address even appropriate?