Authentication Approaches - PowerPoint PPT Presentation

Description: Allow all mail from hotmail.com, they use rate limiting. Allows more aggressive criteria ... Con: Only works if mail from domain is relayed. Generalized ... (PowerPoint PPT presentation)

Slides: 11
Provided by: veri
Learn more at: https://www.ietf.org

Transcript and Presenter's Notes

1
Authentication Approaches
  • Phillip Hallam-Baker
  • VeriSign Inc.

2
Why?
  • Authentication → Authorization → Access Control
  • Authentication
    • IP Address
    • Cryptographic
  • Authorization
    • Email Address Whitelists: alice@example.com
    • Domain Whitelists: example.com
    • Payment: 0.01 stamp

3
How Strong is Enough?
  • LIST Kiddies
    • Like a script kiddie, but they pay for the mailing list
    • Actually a spam victim: they get worthless service in return
  • SPAM Houses
    • Will adapt to heuristic authentication approaches
    • But it will cost them

4
PKI
  • Infrastructure exists to
    • Ensure that a party owns the purported domain name
    • Ensure that legal process can be served on the certificate holder
    • With a high (but not absolute) degree of confidence
  • SECURITY IS RISK CONTROL, NOT RISK ELIMINATION

5
Deployment Argument
  • Authentication Complements Filtering
  • Network effect, aka Chicken and Egg problem
  • Avoid false positives
    • Without creating backdoors
    • "Allow all mail from hotmail.com, they use rate limiting"
  • Allows more aggressive criteria
  • Cryptographic Authentication is robust
    • Asymmetric work factor
    • No viable counter-strategies

6
Problem: Email Insecure by Default
  • Downgrade attack
  • I can tell a signed message comes from the sender
  • I cannot assume an unsigned message is false
  • Key is to know the security policy of the domain

7
DNS Based Security Policy
  • Reverse IP look up
    • Some current use
    • Only demonstrates that the IP address has been assigned
    • IPv4 address exhaustion will make this uninteresting
    • Configuration problem: servers handling 1000s of domains
    • Many ISPs do not delegate reverse DNS as they should
    • "Get a new ISP" is an idiotic deployment strategy

8
Forward DNS
  • Address based authentication
    • RCPT From Vixie
    • Reverse MX
  • Pro: Lightweight, almost costless
  • Pro: Obsoletes most existing spamware
  • Con: Could be vulnerable to new spamware
  • Con: Some operational issues
  • Con: Only works if mail from domain is relayed

9
Generalized Security Policy
  • Security Policy Advertisement Mechanism
  • Advertise any form of security policy
    • ALWAYS comes from address X, Y or Z
    • OPTIONAL uses STARTTLS, cert root has SHA1 P
    • OPTIONAL uses S/MIME, cert root has SHA1 Q
    • OPTIONAL uses PGP, validate against XKMS R
    • NEVER uses NULL Authentication
  • Can be generalized to other protocols
    • IPSEC, SSH, NNTP, POP, IMAP
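As an added illustration of the advertised-policy idea on this slide (example code, not from the slides or any real standard; the record syntax, field names and sample addresses are all constructed here), a small evaluator applies a domain's ALWAYS/OPTIONAL/NEVER assertions to one inbound message, showing how a NEVER-null assertion closes the downgrade attack from slide 6: unsigned mail can no longer be assumed legitimate.

```python
"""Hypothetical DNS-published sender policy evaluator (constructed example)."""
from dataclasses import dataclass, field
from typing import Optional
import ipaddress


@dataclass
class Policy:
    always_from: list = field(default_factory=list)  # ALWAYS comes from X, Y or Z
    optional: set = field(default_factory=set)       # OPTIONAL auth methods offered
    never_null: bool = False                         # NEVER uses NULL authentication


def parse_policy(record: str) -> Policy:
    """Parse a constructed TXT-style record, e.g.
    'always=192.0.2.10,192.0.2.0/28 optional=smime,starttls never=null'."""
    policy = Policy()
    for item in record.split():
        key, _, value = item.partition("=")
        values = [v for v in value.split(",") if v]
        if key == "always":
            policy.always_from = [ipaddress.ip_network(v, strict=False) for v in values]
        elif key == "optional":
            policy.optional = set(values)
        elif key == "never" and "null" in values:
            policy.never_null = True
    return policy


def evaluate(policy: Policy, source_ip: str, auth_method: Optional[str]) -> str:
    """Return 'accept', 'reject' or 'neutral' for one inbound message.
    auth_method is the cryptographic method already verified by the receiver
    ('smime', 'pgp', 'starttls') or None when nothing could be verified."""
    ip = ipaddress.ip_address(source_ip)
    # Address assertion: an ALWAYS list pins the permitted sending addresses
    if policy.always_from and not any(ip in net for net in policy.always_from):
        return "reject"
    if auth_method is not None and auth_method in policy.optional:
        return "accept"   # verified with a method the domain advertises
    if auth_method is None and policy.never_null:
        return "reject"   # downgrade closed: the domain never sends unsigned mail
    return "neutral"      # address-only evidence; hand the message to the filter
```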

10
This is Just a Bug
  • We are going to
  • FIX IT