X-ASVP Technical Overview
eXtensible Anti-spam Verification Protocol
X-ASVP Committee Technical Working Group
July 22, 2007
Agenda
– Authentication issues resolved by X-ASVP
– What the X-ASVP protocol does
– X-ASVP approach
– X-ASVP process flow
– URL “search path” algorithm
– Meta-document example
– What the protocol does not do
– Implementation resources
Issues resolved by X-ASVP
SMTP does not include sender authentication
Does not require modification to the end-user interface
– Current “add-on” authentication systems require end users to send e-mail from a specific SMTP server.
– Multiple authentication systems are in use: SPF (RFC 4408), Sender-ID (RFC 4406), DKIM (RFC 4871)
– IETF approved experimental RFCs 4405, 4406, 4407, 4408 for SPF and Sender-ID for a two year period
What the protocol does
Defines a “search-path” for finding the meta-document associated with an e-mail address
Defines syntax for meta-document entities
Defines syntax for X-ASVP mail header
Provides a framework for Level 1 extensions to the protocol
X-ASVP Approach
The X-ASVP algorithm produces three URLs for any e-mail address (domain, tld, global)
Authentication is accomplished by the sender visiting the recipient’s web server
Recipient meta-document can contain multiple items:
– Do Not E-mail Registry preference (UCE)
– Authentication token (Level 1: ASVP-WEB)
– Public key (asymmetric encryption, PGP)
X-ASVP Process Flow
Recipient posts an X-ASVP meta-document
Sender collects recipient preferences from the posted meta-document (uses the setting applicable to the desired SMTP transaction):
– Bulk mail (“legal” senders will follow the UCE setting)
– ASVP-WEB (“token” included in mail header)
– PGP (public key available on meta-document)
X-ASVP Enabled (Executive View)
[Flowchart; only its labels survive extraction. Lanes: Sender, Recipient, Recipient ISP Web Server (X-ASVP.domain), Secondary Web Server (X-ASVP.tld), Tertiary Web Server (X-ASVP.info).]
Sender lane: SMTP message created → Perform Search Path query → “Is meta-document found?” asked of the X-ASVP.domain URL, then the X-ASVP.tld URL, then the X-ASVP.info URL → Yes: Parse sequence_value; No at all three: Set sequence value = Default → Perform n-bit hash → Create proper Level header.
Recipient lane: Check if X-ASVP enabled (Yes/No) → Read recipient settings from local database → “Has proper level header arrived? And is correct?” → Yes: Deliver message; No: Disposition per user setting (i.e. discard or flag as likely spam).
Inside the recipient’s meta-document is:
Use the highest X-ASVP level the recipient is known to support
Example Sender = [email protected]
URL = http://x-asvp.sacto.com/SACTO_COM/JOHN_DOE.HTM
URL = http://www.x-asvp.com/SACTO_COM/JOHN_DOE.HTM
URL = http://www.x-asvp.info/COM/SACTO_COM/JOHN_DOE.HTM
<ASVP-WEB>CC65301200751730615408adklesgjk0671647615440713</ASVP-WEB>
(Token field legend from the diagram: Year, Mo, Day, String x, F(x); sample values shown: 20070623, cc, G(ip).)
Filter could look for:
1. static string
2. a date based string
3. a function based string (i.e. does F(x) = expected y?)
4. a combination of the above
5. Deprecated use (CC)
6. G(ip), a function of the IP received by the web server
Sender flow: X-ASVP Level > 1 → Insert proper Level header → Send message. The hash result (= S_no) is carried in the header: X-ASVP:V1[ASVP-WEB,S_no,JOHN_DOE@SACTO_COM]
Another level of filtering (yellow box) could be performed by the recipient ISP.
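The recipient-side decision from the flowchart (“Has proper level header arrived? And is correct?”), as an added Python example that is not code from the presentation or from the X-ASVP committee. It assumes the header shape shown on the slide, that the third field names the recipient whose meta-document supplied the token (the slide does not say which party it identifies), and implements two of the filter styles listed above, a static string and a date-based string; the address, token, header values and the parsed-header dictionary shape are constructed for the example.

```python
import hmac
import re

# Header shape from the slide: X-ASVP:V1[ASVP-WEB,S_no,JOHN_DOE@SACTO_COM]
# The leading field name is optional so the bare value of a parsed mail header works too.
HEADER_RE = re.compile(
    r"^(?:X-ASVP:\s*)?V(?P<version>\d+)\[(?P<ext>[^,\]]+),(?P<token>[^,\]]*),(?P<addr>[^\]]+)\]\s*$"
)


def asvp_escape(text: str) -> str:
    """Same escaping rule as the URL algorithm: letters upper-cased, anything that is
    not a letter or digit becomes an underscore."""
    return "".join(ch.upper() if (ch.isascii() and ch.isalnum()) else "_" for ch in text)


def parse_x_asvp_header(value: str):
    """Split the header into version, extension name, token and address; None if malformed."""
    m = HEADER_RE.match(value)
    if m is None:
        return None
    return {"version": int(m["version"]), "extension": m["ext"],
            "token": m["token"], "address": m["addr"]}


def _same(a: str, b: str) -> bool:
    # Constant-time compare so a filter does not leak how much of a token matched.
    return hmac.compare_digest(a.encode(), b.encode())


def token_is_correct(token: str, expected: dict, today: str) -> bool:
    """Two of the filter styles on the slide. `expected` is the recipient's own record of
    what it published: {"kind": "static", "value": ...} requires an exact match;
    {"kind": "date", "value": ...} requires today's YYYYMMDD followed by the value."""
    if expected["kind"] == "static":
        return _same(token, expected["value"])
    if expected["kind"] == "date":
        return token.startswith(today) and _same(token[len(today):], expected["value"])
    raise ValueError(f"unknown filter kind {expected['kind']!r}")


def disposition(headers: dict, recipient: str, expected: dict, today: str,
                enabled: bool = True, on_fail: str = "flag") -> str:
    """Deliver when the proper Level header has arrived and is correct; otherwise apply
    the user's setting (on_fail is "flag" or "discard"). A recipient that is not
    X-ASVP enabled delivers everything unchanged."""
    if not enabled:
        return "deliver"
    parsed = parse_x_asvp_header(headers.get("X-ASVP", ""))
    if parsed is None:
        return on_fail
    local, _, domain = recipient.rpartition("@")
    expected_addr = f"{asvp_escape(local)}@{asvp_escape(domain)}"
    if parsed["version"] != 1 or parsed["extension"] != "ASVP-WEB":
        return on_fail
    if parsed["address"] != expected_addr:
        return on_fail
    return "deliver" if token_is_correct(parsed["token"], expected, today) else on_fail


# Constructed sample: Jane published a date-based token (today's date + a secret string).
JANE = "jane.doe@example.com"
JANE_EXPECTED = {"kind": "date", "value": "demo-static-token"}
GOOD_HEADERS = {"X-ASVP": "X-ASVP:V1[ASVP-WEB,20070623demo-static-token,JANE_DOE@EXAMPLE_COM]"}
STALE_HEADERS = {"X-ASVP": "V1[ASVP-WEB,20070622demo-static-token,JANE_DOE@EXAMPLE_COM]"}

if __name__ == "__main__":
    print(disposition(GOOD_HEADERS, JANE, JANE_EXPECTED, "20070623"))   # deliver
    print(disposition(STALE_HEADERS, JANE, JANE_EXPECTED, "20070623"))  # flag
    print(disposition({}, JANE, JANE_EXPECTED, "20070623", on_fail="discard"))  # discard
```

The date-based check is what makes a leaked token short-lived: a header copied from yesterday's mail fails today. The `today` argument is passed in rather than read from the clock so the filter is testable and so a mail queue can evaluate with the date the message was received.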
X-ASVP URL Algorithm
Goals: Distributed, Redundant, Universal
Hosts: 1. the domain, 2. the top level domain, 3. global
Rules: 1. All alpha converted to uppercase, 2. non-alphanumeric converted to underscore
Example: [email protected]
– http://x-asvp.foo.com/FOO_COM/JOHN_PUBLIC1.HTM
– http://www.x-asvp.com/FOO_COM/JOHN_PUBLIC1.HTM
– http://www.x-asvp.info/COM/FOO_COM/JOHN_PUBLIC1.HTM
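The URL algorithm above together with the search-path walk from the process flow (query the domain host, then the tld host, then the global host; first document found wins, otherwise fall back to the Default sequence value), as an added Python example that is not code from the presentation or from the X-ASVP committee. Assumptions: the top level domain is the last dot-separated label of the domain, the `<ASVP-WEB>` entity is extracted with a plain text match, and the three web servers are stood in for by an in-memory dictionary; the address and the meta-document text are constructed.

```python
import re
from typing import Callable, Optional


def asvp_escape(text: str) -> str:
    """Slide rule: letters to upper case, anything that is not a letter or digit
    becomes an underscore. Digits survive, so john.public1 -> JOHN_PUBLIC1."""
    return "".join(ch.upper() if (ch.isascii() and ch.isalnum()) else "_" for ch in text)


def search_path(address: str) -> list[str]:
    """The three URLs of the search path: 1. the domain, 2. the top level domain, 3. global."""
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    domain = domain.lower()
    tld = domain.rsplit(".", 1)[-1]          # assumption: the last label is the TLD
    user_file = asvp_escape(local) + ".HTM"
    dom = asvp_escape(domain)
    return [
        f"http://x-asvp.{domain}/{dom}/{user_file}",
        f"http://www.x-asvp.{tld}/{dom}/{user_file}",
        f"http://www.x-asvp.info/{asvp_escape(tld)}/{dom}/{user_file}",
    ]


ASVP_WEB_RE = re.compile(r"<ASVP-WEB>(.*?)</ASVP-WEB>", re.S)

Fetcher = Callable[[str], Optional[str]]


def resolve_meta_document(address: str, fetch: Fetcher,
                          default_token: Optional[str] = None) -> dict:
    """Walk the search path in order; the first URL that returns a document wins.
    If none of the three hosts has one, fall back to the Default sequence value."""
    for url in search_path(address):
        doc = fetch(url)
        if doc is None:
            continue
        m = ASVP_WEB_RE.search(doc)
        token = m.group(1).strip() if m else None
        return {"found": True, "url": url, "token": token, "document": doc}
    return {"found": False, "url": None, "token": default_token, "document": None}


# Constructed stand-in for the three web servers (a real client would do an HTTP GET
# with a timeout). Only the TLD host publishes Jane's document here, so the walk
# must pass the domain host and stop at the second URL.
DEMO_SITES = {
    "http://www.x-asvp.com/EXAMPLE_COM/JANE_DOE_LIST.HTM":
        "<P><ASVP-WEB>20070623demo-static-token</ASVP-WEB></P>\n<P>other data element</P>",
}


def demo_fetch(url: str) -> Optional[str]:
    return DEMO_SITES.get(url)


if __name__ == "__main__":
    for url in search_path("jane.doe+list@example.com"):
        print(url)
    print(resolve_meta_document("jane.doe+list@example.com", demo_fetch))
    print(resolve_meta_document("nobody@nowhere.example", demo_fetch, default_token="DEFAULT"))
```

Because the sender follows the path in a fixed order, whoever controls the domain host answers first; the tld and global hosts are the redundancy the slide's goals call for, not an override of the domain's own publication.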
Meta-document example
Token for Level 1 “ASVP-WEB” extension
Do Not E-mail “Registration”
Asymmetric encryption public key
Solution Data Flow
[Diagram with Sender and Recipient lanes; only its labels survive extraction.]
Bob’s Meta-Document: 1. ASVP-WEB token, 2. UCE setting, 3. Public key, 4. Other data element
1. Initiate: Locate meta-document; parse settings (http://x-asvp.bar.com/BAR_COM/BOB.HTM)
2. Auth
3. Send
4. Verify
5. Deliver
What the protocol does NOT do
Does not limit the data that can be placed on a meta-document (syntax includes the <P> container )
Does not limit extensions within the Level 1 method
Does not define the algorithm for creating Level 1 data fields (for example, the “ASVP-WEB” token)
Does not define the algorithm for verification of tokens
Implementation Resources
ISP Implementation Details (http://x-asvp.org/_pub/draft/HOWTO/)
– DNS entry (x-asvp.domain.tld)
– Web server virtual host
– Meta-document generator script (example on committee website)
– UCE setting (syntax available on committee website)
Individual Implementation Details
– Individuals can join the X-ASVP committee
– Member TLD providers will host meta-documents for members of the committee