Presentation is loading. Please wait.

Presentation is loading. Please wait.

X-ASVP Technical Overview eXtensible Anti-spam Verification Protocol X-ASVP Committee Technical Working Group July 22, 2007.

Similar presentations


Presentation on theme: "X-ASVP Technical Overview eXtensible Anti-spam Verification Protocol X-ASVP Committee Technical Working Group July 22, 2007."— Presentation transcript:

1 X-ASVP Technical Overview eXtensible Anti-spam Verification Protocol X-ASVP Committee Technical Working Group July 22, 2007

2 Agenda Authentication Issues resolved by X-ASVP What the X-ASVP protocol does X-ASVP Approach X-ASVP Process flow URL “search path” algorithm Meta-document example What the protocol does not do Implementation resources

3 Issues resolved by X-ASVP SMTP does not include sender authentication Does not require modification to end-user interface – Current “add-on” authentication systems require end users to send e-mail from a specific SMTP server. – Multiple authentication systems are in use: SPF (RFC 4408), Sender-ID (RFC 4406), DKIM (RFC 4871) – IETF approved experimental RFC’s 4405, 4406, 4407, 4408 for SPF and Sender-ID for a two year period

4 What the protocol does Defines a “search-path” for finding a meta- document associated to an e-mail address Defines syntax for meta-document entities Defines syntax for X-ASVP mail header Provides a framework for Level 1 extensions to the protocol

5 X-ASVP Approach X-ASVP Algorithm produces 3 URL’s for any e-mail address (domain, tld, global) Authentication is accomplished by the sender visiting the recipient’s web server Recipient meta-document can contain multiple items: – Do Not E-mail Registry preference ( UCE ) – Authentication token (Level 1: ASVP-WEB) – Public Key (asymmetric encryption – PGP )

6 X-ASVP Process Flow Recipient posts an X-ASVP meta-document Sender collects recipient preferences from the posted meta-document (uses setting applicable to desired SMTP transaction ) – Bulk mail ( “legal” senders will follow UCE setting) – ASVP-WEB ( “token” included in mail header ) – PGP ( public key available on meta-document )

7

8 X-ASVP URL Algorithm Goals: Distributed, Redundant, Universal Hosts: 1. the domain, 2. top level domain, 3. global Rules: 1. All alpha converted to uppercase, 2. non-alpha numeric converted to underscore Example: John.Public1@foo.comJohn.Public1@foo.com – http://x-asvp.foo.com/FOO_COM/JOHN_PUBLIC1.HTM – http://www.x-asvp.com/FOO_COM/JOHN_PUBLIC1.HTM – http://www.x-asvp.info/COM/FOO_COM/JOHN_PUBLIC1.HTM

9 Meta-document example Token for Level 1 “ASVP-WEB” extension Do Not E-mail “Registration” Asymmetric encryption public key

10 Solution Data Flow

11 What the protocol does NOT do Does not limit the data that can be placed on a meta- document (syntax includes the container ) Does not limit extensions within the Level 1 method Does not define the algorithm for creating Level 1 data fields (for example, the “ASVP-WEB” token) Does not define the algorithm for verification of tokens

12 Implementation Resources ISP Implementation Details ( http://x-asvp.org/_pub/draft/HOWTO/ ) http://x-asvp.org/_pub/draft/HOWTO/ – DNS entry (x-asvp.domain.tld) – Web server virtual host – Meta-document generator script (example on committee website) – UCE setting (syntax available on committee website) Individual Implementation Details – Individuals can join the X-ASVP committee – Member TLD providers will host meta-documents for members of the committee


Download ppt "X-ASVP Technical Overview eXtensible Anti-spam Verification Protocol X-ASVP Committee Technical Working Group July 22, 2007."

Similar presentations


Ads by Google