2006-04-10 (c) copyright 2006 Hector Santos 1

DSAPDKIM Signature Authorization Protocol

Hector SantosSantronics Software, Inc.

2006-04-10 (c) copyright 2006 Hector Santos 2

DSAP Summary

Security Problem:DKIM-BASE is an unprotected mail authentication and identification protocol.

DSAP Solution:Provide simple to implement DNS-based robust security wrapper to secure the unprotected DKIM-BASE protocol.Provide consistent protocol support software designs.

2006-04-10 (c) copyright 2006 Hector Santos 3

DSAP Goal and Objective

Protects Domain DKIM message signing Practice.Protects Domain Reputations.Reduces DKIM Verification Overhead.Simplifies DKIM Implementation Design considerations.Increases DKIM acceptability and lowers Adoptions Barriers

2006-04-10 (c) copyright 2006 Hector Santos 4

Unprotected DKIM ProtocolIntentional vague semantics.No protection against domain name exploitations.No foundation for consistent DKIM verification.Increases verification overhead.Places high burden on verification receivers.Little payoff (low efficiency).Hedges future on unknown, yet to be delivered, trusted-layers protocols (Reputation Services).

2006-04-10 (c) copyright 2006 Hector Santos 5

How Did We Get Here?

Original DKIM proof of concept included SSP (Sender Signing Policies). Separation of DKIM and SSP protocol.Poor SSP functional specifications.SSP de-emphasized in lieu of future trusted-layers business ventures.Making DKIM-BASE a standalone and unprotected protocol.

2006-04-10 (c) copyright 2006 Hector Santos 6

Other Non-SSP Considerations:

Trusted-Layers - Reputation ServicesNo Standard3rd party Trust Required“Batteries Required” DilemmaHighly isolated solution.

LMAP SolutionsSMTP basedProbably will be augmented as part of solution.

Problem?None offer direct protection for DKIM SignatureProblem?None offer direct protection for DKIM Signature

2006-04-10 (c) copyright 2006 Hector Santos 7

DKIM without DSAP

D K IM

F A IL /C L A S S IF Y

C O N T IN U E

IN V A L IDS IG N A T U R E

S IG N E DM E S S A G E

V A L IDS IG N A T U R E

P A S S

P A Y L O A D

C O N T IN U E /C L A S S IF Y

D K IM -B A S E r e c o m m e n d s to v ie w in v a l id s ig n a tu r e s a s i f i t d id n ’ t e x is t

U N D E T E C T E DF A IL U R E A N D F R A U D

U N S IG N E DM E S S A G E

2006-04-10 (c) copyright 2006 Hector Santos 8

Fundamental Flaws

Accept (Pass) Valid DKIM signaturesIgnore Invalid DKIM signaturesVoid of Highly Detectable Failures

2006-04-10 (c) copyright 2006 Hector Santos 9

DKIM with DSAP:

N O M A IL P O L IC Y

U N S IG N E D /S IG N A T U R E R E Q U IR E D

P O L IC IE S

S IG N E D /N O S IG N A T U R E E X P E C T E D

P O L IC IE S

D S A P

D K IM

F A IL /C L A S S IF Y

C O N T IN U E

IN V A L IDS IG N A T U R E

U N S IG N E D /S IG N A T U R E O P T IO N A L

P O L IC IE S

S IG N E DM E S S A G E

V A L IDS IG N A T U R E

P A S S

3 P S S IG N E D /N O 3 P S E X P E C T E D

P O L IC IE S

P A Y L O A D

C O N T IN U E /C L A S S IF Y

2006-04-10 (c) copyright 2006 Hector Santos 10

Detectable FailuresBefore Hash Verification

NO 3rd PARTY EXPECTED3rd PARTY SIGNED

NOT EXPECTEDSIGNED

EXPECTEDUNSIGNED

NO MAIL EXPECTED

SIGNING PRACTICEDKIM

2006-04-10 (c) copyright 2006 Hector Santos 11

Non-Detectable Failures

Altered Message Body IntegrityReordering of RFC 2822 headers

2006-04-10 (c) copyright 2006 Hector Santos 12

Why not use SSP?

Concerns about additional DNS lookups.Incomplete Protection.Incorrect DKIM integration.Not well understood (because of flaws)No consensus (because of flaws).

2006-04-10 (c) copyright 2006 Hector Santos 13

DNS Interface

Two DNS recordsDSAP Policy RecordPublic DKIM Key Record

Two Maximum LookupsPolicy: _selector._dkim.domain.comKey: _dkim.domain.com

With DSAP, Policy can short circuit Key lookup minimizing additional lookup concerns.

2006-04-10 (c) copyright 2006 Hector Santos 14

Current SSP Policies:

Signature Expected, No 3PSEXCLUSIVE (o=!)

Signature ExpectedUSER (o=^)

Signature Expected, 3PS allowedSTRONG (o=-)

Signature Optional, 3PS allowedNEUTRAL (o=~)

Signature Optional, No 3PSWEAK (o=? proposed)

No Signature ExpectedNONE (undefined)

No Mail ExpectedNOMAIL (0=.)

No SSP record defaults to NEUTRALNXDOMAIN

DeclarationSSP Policy

2006-04-10 (c) copyright 2006 Hector Santos 15

DSAP - Verifier Viewpoint:

Original Party Signature (OPS)Not Expected (-)Expected (+)Optional (~)

3rd Party Signature (3PS)No Expected (-)Expected (+)Optional (~)

2006-04-10 (c) copyright 2006 Hector Santos 16

Possible OPS and 3PS Policies

SP=;NOMAILNO MAIL

NEUTRAL

UNDEFINED

WEAK

STRONG

UNDEFINED

EXCLUSIVE

UNDEFINED

UNDEFINED

NONE

SSP (o=)

OP+,3P~OPTIONALEXPECTED

OP~,3P-NOT EXPECTEDOPTIONAL

OP~,3P+EXPECTEDOPTIONAL

OP~,3P~ OPTIONALOPTIONAL

OP+,3P+EXPECTEDEXPECTED

OP+,3P-NOT EXPECTEDEXPECTED

OP-,3P~OPTIONALNOT EXPECTED

OP-,3P+EXPECTEDNOT EXPECTED

OP-,3P-NOT EXPECTEDNOT EXPECTED

DSAP (sp=)3PSOPS

2006-04-10 (c) copyright 2006 Hector Santos 17

Multiple Signatures:Policies allows 3rd Party Signatures (3PS).

OP+,3P+OP+,3P~ (SSP, o=STRONG)OP~,3P+OP~,3P+

Reasons for 3PS (or re-signers).Broken IntegrityVendor Relationships (ISP, EPS, Clearinghouse)Middleware requirements

Original domains need to decide if multiple signatures are acceptable. If not, declare a 3P- policy.Domains with signature requirements but allow middleware changesshould declare a strong resigning requirement policy (OP+, 3P~).

2006-04-10 (c) copyright 2006 Hector Santos 18

Middle Ware & List Servers:

Identify middle ware design change requirements. Problem remains with LS integrity changes.Regulate Subscription from Restrictive DSAP Policies.Use DSAP policies to determine and honor 1st party versus 3rd party signature requirements.

2006-04-10 (c) copyright 2006 Hector Santos 19

Recommendation

Domains should not expose their domain reputation with a DKIM-BASE only implementation.Implement DSAP with DKIM-BASE.Analyze Domain Usage for proper DSAP policy declarations.

2006-04-10 (c) copyright 2006 Hector Santos 20

What’s Next?

Obtain WG feedback,Assist Developers with cross platform implementation DSAP models.

2006-04-10 (c) copyright 2006 Hector Santos 21

ConclusionIn order for DKIM to be well accepted, it needsto offer value to all parties. DSAP adds a simple to implement security layer around the unprotected core DKIM protocol.DSAP should be a fundamental natural part of DKIM protocol. If implemented, DKIM will have less of a negative impact on domain reputations and verifiers, and also makes it easier for developers to add DKIM signing support.

2006-04-10 (c) copyright 2006 Hector Santos 22

Hector Santos

hsantos@santronics.comhttp://www.santronics.comWildcat! Interactive Net ServerSilver Xpress Mail System