Message Authentication Signature Standards (MASS) BOF Jim Fenton Nathaniel Borenstein.

MASS BOF IETF63, Paris 4 August 2005
Presentation transcript:

Message Authentication Signature Standards (MASS) BOF Jim Fenton Nathaniel Borenstein

MASS BOF - Motivation
- Deny spammers/phishers/etc. the ability to send mis-identified mail
- Authorization based on IP address is being addressed by MARID
- Other approaches based on signatures in messages are out-of-scope for MARID

MASS relationship to MARID
- MARID:
  – Authorization based on IP address
  – Authorization records stored in DNS
  – Cryptographic approaches out-of-scope
- MASS:
  – Message authentication based on cryptographic signature
  – Authorization of key (and often key itself)
    - May be stored in DNS
    - May be a separate server

Potential commonalities between MASS and MARID
- Definition of Purportedly Responsible Address (PRA)
- Message marking to indicate successful/unsuccessful verification
- Eventual use of accreditation infrastructure
  – Although what’s being accredited may differ

Representative proposals
- DomainKeys
  – draft-delany-domainkeys-core-00
- Identified Internet Mail
  – draft-fenton-identified-mail-00
- Postmarks –
- Entity-to-entity S/MIME
  – draft-hallambaker-entity-00
- MTA Signatures –
- Bounce Address Tag Validation – 06dc.htmlhttp://brandenburg.com/specifications/draft-crocker-marid-batv dc.html

Some potential issues
- Signature encapsulation
  – Signatures in headers
  – S/MIME
- Key management
- Canonicalization
  – What’s required to avoid signature breakage?
  – Treatment of headers
- Behavior through mailing lists

Where and when?
- Thursday, August :30 am (some agendas say 9:30)
- Marina 2
- Mailing list:
  – Archive at