allman dkim ssp 02
play

allman-dkim-ssp-02 Jim Fenton <fenton@cisco.com> IETF 68 - PowerPoint PPT Presentation

Oct 02, 2022 •172 likes •248 views

allman-dkim-ssp-02 Jim Fenton <fenton@cisco.com> IETF 68 Prague March 21, 2007 1 DKIM - IETF 68 SSP recent changes Removal of user policy Change in tag names to promote extensibility p -> dkim t -> dkimflag

  1. allman-dkim-ssp-02 Jim Fenton <fenton@cisco.com> IETF 68 – Prague March 21, 2007 1 DKIM - IETF 68

  2. SSP recent changes  Removal of “user” policy  Change in tag names to promote extensibility p -> dkim t -> dkimflag  Changes in SSP algorithm to fix problem described at last IETF  Current draft is expired, but new one coming soon! 2 DKIM - IETF 68

  3. SSP Open Issues  New “DKIMP” resource record vs TXT record  “Strict” policy  Policies placing limitations on selectors  Policies on multiple signatures to aid algorithm transitions  Use of PTR/XPTR to locate record  Resolution of open issues on SSP requirements 3 DKIM - IETF 68

  4. New SSP Algorithm (1 of 2)  1. If a valid Originator Signature exists, the message is non-Suspicious, and the algorithm terminates.  2. Query DNS for a DKIMP record corresponding to the domain part of the Originator Address. If the result of this query is a NODATA response, proceed to step 6. If the result of this query is a NXDOMAIN response, the message is Suspicious and the algorithm terminates. Otherwise, proceed to the following steps using the record retrieved by the query.  3. If the SSP "dkimflag" tag exists and any of the flags is "t" (indicating testing), the message is non-Suspicious and the algorithm terminates.  4. If the value of the SSP "dkim" tag is "unknown", the message is non-Suspicious and the algorithm terminates.  5. If the value of the SSP "dkim" tag is "all", and one or more Valid Signatures are present on the message, the message is non-Suspicious and the algorithm terminates. Otherwise, the message is Suspicious and the algorithm terminates. 4 DKIM - IETF 68

  5. New SSP Algorithm (2 of 2)  6. (check for parent domain policy) If the parent domain of the previous query is a top-level domain (e.g., a country code) or is on a list of invalid signing entries maintained by the verifier (see dkim-base section 6.1.1), then an SSP record was not found and the message is non-Suspicious and the algorithm terminates.  7. Query DNS for a DKIMP record corresponding to the immediate parent of the previous query. If the result of this query is a NODATA response, then proceed to stop 7.  8. If the SSP "dkimflag" tag exists and any of the flags is "t" (indicating testing) or "s" (indicating that the record should not be used apply to a subdomain), the message is non-Suspicious and the algorithm terminates. Otherwise proceed to step 4. 5 DKIM - IETF 68

  6. New SSP algorithm - comments  We’re back to an upward search, but only when a wildcard is present Wildcards seem to be relatively rare  Alternative would be to publish wildcard SSP Would also need to publish a “shadow” SSP record for every defined name in the zone Puts more burden on the publisher 6 DKIM - IETF 68

  7. Algorithm with TXT records  TXT records would use a prefix, e.g., _policy  NXDOMAIN on a query only means there’s no policy Separate query needed to see whether the domain exists Could be overlapped with policy query  Tradeoff of lookups vs. ease of deployment of TXT records 7 DKIM - IETF 68

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DomainKeys Identified Mail Overview (-01) Eric Allman Sendmail, Inc. Overview of DKIM

DomainKeys Identified Mail Overview (-01) Eric Allman Sendmail, Inc. Overview of DKIM

DomainKeys Identified Mail Overview (-01) Eric Allman Sendmail, Inc. Overview of DKIM Cryptography-based protocol, signs selected header fields and message body Intended to: Enable reliable domain name based reputation lookups

432 views • 15 slides
IETF 78 TPA-Label for ADSP DKIM Third-Party Authorization Label draft-otis-dkim-tpa-label By

IETF 78 TPA-Label for ADSP DKIM Third-Party Authorization Label draft-otis-dkim-tpa-label By

IETF 78 TPA-Label for ADSP DKIM Third-Party Authorization Label draft-otis-dkim-tpa-label By Douglas Otis &amp; Daniel Black Acceptance w/o Author Domain Signature and ADSP Reject or discard discardable w/o A-D sig breaks mailing lists

473 views • 10 slides
Third-Party DKIM Policy IETF 70 Transparent and Flexible Policy Compliance Douglas Otis

Third-Party DKIM Policy IETF 70 Transparent and Flexible Policy Compliance Douglas Otis

Third-Party DKIM Policy IETF 70 Transparent and Flexible Policy Compliance Douglas Otis Doug_Otis@trendmicro.com http://www.ietf.org/internet-drafts/draft-otis-dkim-tpa-ssp-02.txt SSP is based only upon the From header SSP assertions

364 views • 8 slides
Comments on DNS Robustness Mark Allman Reformed IETF Native Applied Networking Research

Comments on DNS Robustness Mark Allman Reformed IETF Native Applied Networking Research

Comments on DNS Robustness Mark Allman Reformed IETF Native Applied Networking Research Workshop July 2018 Been away so long I hardly knew the place, Gee, it's good to be back home Observation #1 Allman 2 Observation #2 1.6 SLDs

413 views • 26 slides
Allman &amp; Kaas, 1981 Zeki,

Allman &amp; Kaas, 1981 Zeki,

Allman &amp; Kaas, 1981 Zeki, 1978 IT neurons are tolerant to identity-preserving transformations Position Scale Context Rust &amp; DiCarlo, 2012 Selectivity and invariance

876 views • 69 slides
Disclosures We have no disclosures About the Presenters Benjamin A. T allman, PhD

Disclosures We have no disclosures About the Presenters Benjamin A. T allman, PhD

2/23/17 Mindfulness and TBI: Reducing Stress and Enhancing Health-Related Quality of Life (HRQL) 25 th Annual Anniversary BIA-IA Conference 2017 March 2 nd , 2017 Benjamin A. T allman, PhD Devin Smith, MD Disclosures We have no

427 views • 11 slides
SSL: Code Listing Authors: Meera Ganesan (meera.ganesan@intel.com) Dennis Kim (dkim@harris.com)

SSL: Code Listing Authors: Meera Ganesan (meera.ganesan@intel.com) Dennis Kim (dkim@harris.com)

String Searching Language SSL: Code Listing Authors: Meera Ganesan (meera.ganesan@intel.com) Dennis Kim (dkim@harris.com) Sandy MacDonald (sandymac@att.com) Satheesha Rangegowda (satheesha_rangegowda_923@agilent.com) SSL Page 1 05/12/2003

1.25k views • 39 slides
last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam,

last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam,

last chance for mail service ? DKIM TFMC2 01/2006 Mail service status More and more spam, fishing, spoofing, virus More and more energy in spam fighting More and more messages lost because : Imperfect automatic filtering

334 views • 18 slides
Automatische Rotation von DKIM- Schlsseln Berlin | 10.05.2014 | Stefan Neben System Engineer,

Automatische Rotation von DKIM- Schlsseln Berlin | 10.05.2014 | Stefan Neben System Engineer,

www.immobilienscout24.de Automatische Rotation von DKIM- Schlsseln Berlin | 10.05.2014 | Stefan Neben System Engineer, stefan.neben@immobilienscout24.de Immobilien Scout GmbH Angefangen hat es vor 15 Jahren mit Telefon und Post

810 views • 33 slides
' $ Prelimina ry Empirical Study of BTC T o ols Ma rk Allman, NASA GRC/BBN IPPM W

' $ Prelimina ry Empirical Study of BTC T o ols Ma rk Allman, NASA GRC/BBN IPPM W

' $ Prelimina ry Empirical Study of BTC T o ols Ma rk Allman, NASA GRC/BBN IPPM W G Meeting August 2000 &amp; % 1 ' $ Background Background W e have a draft BTC framew o rk a round which dierent BTC

350 views • 16 slides
What Ought A Program Committee To Do? Mark Allman International Computer Science Institute

What Ought A Program Committee To Do? Mark Allman International Computer Science Institute

What Ought A Program Committee To Do? Mark Allman International Computer Science Institute USENIX WOWCS April 2008 And when the radical priest Come to get me released We was all on the cover of Newsweek Overview Old World: Internet is

500 views • 11 slides
Lessons Learned From Sendmail (The Good, The Bad, The Ugly) Eric Allman, UC Berkeley (again)

Lessons Learned From Sendmail (The Good, The Bad, The Ugly) Eric Allman, UC Berkeley (again)

Lessons Learned From Sendmail (The Good, The Bad, The Ugly) Eric Allman, UC Berkeley (again) EuroBSDcon, Lillehammer Norway, September 2019 Disclaimers Please be kind I wrote this talk at 6:00am today. Nothing specifically BSD, although

486 views • 12 slides
On the identifiability of two tree mixtures for group-based models E. Allman 1 c 2 J. Rhodes 1 S.

On the identifiability of two tree mixtures for group-based models E. Allman 1 c 2 J. Rhodes 1 S.

On the identifiability of two tree mixtures for group-based models E. Allman 1 c 2 J. Rhodes 1 S. Petrovi S. Sullivant 3 1 University of Fairbanks, Alaska 2 University of Illinois Chicago 3 North Carolina State University Phylomania 2010

827 views • 36 slides
A Characterization of IPv6 Network Security Policy Mark Allman International Computer Science

A Characterization of IPv6 Network Security Policy Mark Allman International Computer Science

A Characterization of IPv6 Network Security Policy Mark Allman International Computer Science Institute MAPRG Meeting April 2016 Hey [IETF] I'm calling all stations Blowing down the wire tonight I'm singing through these power lines And I'm

551 views • 24 slides
Traffic Monitoring Considered Reasonable Mark Allman International Computer Science Institute

Traffic Monitoring Considered Reasonable Mark Allman International Computer Science Institute

Traffic Monitoring Considered Reasonable Mark Allman International Computer Science Institute CREDS May 23, 2013 The night is dark, but the sidewalks bright, And lined with the light of the livin A Story, Part 1 Internet Packet

249 views • 12 slides
DonaldsonThomas invariants for A-type square product quivers Justin Allman 1 anyi 2 ) (Joint

DonaldsonThomas invariants for A-type square product quivers Justin Allman 1 anyi 2 ) (Joint

DonaldsonThomas invariants for A-type square product quivers Justin Allman 1 anyi 2 ) (Joint work with Rich ard Rim 1 US Naval Academy 2 UNC Chapel Hill 4th Conference on Geometric Methods in Representation Theory University of Missouri,

672 views • 18 slides
The Advance Payment Model Application Process January 5, 2012 Agenda Todays Open Door Forum

The Advance Payment Model Application Process January 5, 2012 Agenda Todays Open Door Forum

The Advance Payment Model Application Process January 5, 2012 Agenda Todays Open Door Forum will cover: Overview of the Advance Payment Model How to Apply Review of the Application Questions How to Fill Out the Worksheet

569 views • 22 slides
Planning and Optimization G1. Factored MDPs Malte Helmert and Thomas Keller Universit at

Planning and Optimization G1. Factored MDPs Malte Helmert and Thomas Keller Universit at

Planning and Optimization G1. Factored MDPs Malte Helmert and Thomas Keller Universit at Basel December 4, 2019 Factored MDPs Planning Tasks Complexity Estimated Policy Evaluation Summary Content of this Course Foundations Logic

354 views • 33 slides
Successive Shortest Path (SSP) Algorithm with Multipliers Birgit Engels ZAIK University of

Successive Shortest Path (SSP) Algorithm with Multipliers Birgit Engels ZAIK University of

disposition complexity fractional vs. halfintegral mSSP algorithm heuristic Successive Shortest Path (SSP) Algorithm with Multipliers Birgit Engels ZAIK University of Cologne 13th Combinatorial Optimization Workshop January 11th-17th,

729 views • 61 slides
The Recycling Rate of Atmospheric Moisture Over the Past Two Decades (1988-2008) Liming Li,

The Recycling Rate of Atmospheric Moisture Over the Past Two Decades (1988-2008) Liming Li,

The Recycling Rate of Atmospheric Moisture Over the Past Two Decades (1988-2008) Liming Li, Moustafa Chahine, Edward Olsen, Eric Fetzer, Luke Chen, Xun Jiang, and Yuk Yung NASA Sounding Science Meeting, April, 2010 1 Overview Motivation

242 views • 21 slides
Developing an International Sponsored Student Program (SSP) 2 0 15 N A F S A A n n u a l Co n

Developing an International Sponsored Student Program (SSP) 2 0 15 N A F S A A n n u a l Co n

Developing an International Sponsored Student Program (SSP) 2 0 15 N A F S A A n n u a l Co n f e r e n c e Introduction Objective: To offer some guidance to institutions that are interested in creating a Sponsored Student Program, or

594 views • 14 slides
Knapsack problems in hyperbolic groups Andrey Nikolaev (Stevens Institute) GAGTA, May 2013

Knapsack problems in hyperbolic groups Andrey Nikolaev (Stevens Institute) GAGTA, May 2013

Knapsack problems in hyperbolic groups Andrey Nikolaev (Stevens Institute) GAGTA, May 2013 Based on joint work with A.Miasnikov and A.Ushakov Andrey Nikolaev (Stevens Institute) Knapsack problems in hyperbolic groups Non-commutative discrete

495 views • 38 slides
DAQ/Trigger status and planned developments Sergey Boyarinov Mar 5, 2019 DAQ/Trigger Hardware

DAQ/Trigger status and planned developments Sergey Boyarinov Mar 5, 2019 DAQ/Trigger Hardware

DAQ/Trigger status and planned developments Sergey Boyarinov Mar 5, 2019 DAQ/Trigger Hardware VXS (24) Global Trigger Crate VXS (1) FADCs (scalers) from fast detectors PMTs CLUSTERS (ECAL, PCAL, FTOF, CTOF, SSPs VTPs SEGMENTS HTCC,

594 views • 18 slides
Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David

Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David

Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David Waltermire National Institute of Standards and Technology Teleconference Overview 2 Ground Rules OSCAL Status Summary (5 minutes) Issues

298 views • 10 slides

More recommend