Bounce Address Tag Validation Bounce Address Tag Validation Bounce Address Tag Validation (BATV) (BATV) (BATV) IETF IETF D. Crocker D. Crocker San Diego San Diego J. Levine J. Levine 2004 2004 Sam Silberman Sam Silberman Tony Finch Tony Finch
✁ ✁ � ✁ � ✁ ✁ � � � ✁ � BATV – – Detecting forged MailFrom Detecting forged MailFrom BATV BATV – Detecting forged MailFrom Digital signature Digital signature Key based on RHS domain Key based on RHS domain Permit multiple schemes Permit multiple schemes (Sorry, but no choice) (Sorry, but no choice) Meta-syntax on LHS (local-part) for parameters Meta-syntax on LHS (local-part) for parameters Permits finding mailbox without understanding sig Permits finding mailbox without understanding sig Hard limit of 64 bytes for total of local-part Hard limit of 64 bytes for total of local-part mailbox@example.com → → → → → → → → mailbox@example.com batv=mailbox ailbox/scheme/parms@example.com /scheme/parms@example.com batv=m D. Crocker, Brandenburg InternetWorking 2 BATV, IETF San Diego 2004 2
Bounce Address Evaluation Venues Bounce Address Evaluation Venues Bounce Address Evaluation Venues Bounce Bounce Generation Receipt MSA MDA MDA MSA MDA MDA MTA MTA MTA MTA MTA MTA MTA MTA Original Relay D. Crocker, Brandenburg InternetWorking 3 BATV, IETF San Diego 2004 3
� � Base Scheme – – PSB0 PSB0 Base Scheme Base Scheme – PSB0 Private Signed Bounce zero Private Signed Bounce zero � Detected invalid received bounces � Detected invalid received bounces � Interpreted only by issuer � Interpreted only by issuer � Limited replay protection � Limited replay protection sig- -val val = = key key- -id id sig encrypt (<addr- -spec>, timestamp, spec>, timestamp, encrypt (<addr random- -string ) string ) random D. Crocker, Brandenburg InternetWorking 4 BATV, IETF San Diego 2004 4
� � � � Approach for Public Key Scheme Approach for Public Key Scheme Approach for Public Key Scheme Based on content standard, when available Based on content standard, when available Use all of the mechanism, but tune Use all of the mechanism, but tune computation to MailFrom limitations computation to MailFrom limitations � E.g., hash the signature into a short string. � E.g., hash the signature into a short string. D. Crocker, Brandenburg InternetWorking 5 BATV, IETF San Diego 2004 5
Recommend
More recommend