mailing list archives
Re: Digital signature to e-mail.
From: Thom O'Connor <thom () communigate com>
Date: Fri, 03 Jun 2005 12:26:45 -0700
Roberto Alcantara <roberto () fortalnet com br>
How it works:
Setup: Each protected e-mail (user () domain) has one public and
one private key, stored on the server side. The public key is stored in
user.userkeys.domain in a TXT DNS record (RFC1035). User names
with a dot will have some extra characters to fix the URL. The private
key is stored in a secure local database (User Key Database,
UKD), with username/mail from/private key. Each client has
one password to access your SMTP account (SMTP Authentication,
User-based DNS public keys have certainly been discussed previously.
One major flaw is that now you've placed a list of some/all of your
valid users into a publicly available database. Spammers can simply
query DNS records in a "dictionary" style attack in order to get a list of
your valid users.
In order to do this safely, your DNS server would have to provide a key
for every user-type DNS TXT query, even if the user did not really
exist. This "fake" response would allow for the DNS server to always
respond positively to the request. In addition, your DNS server would
then have to remember which fake users it had previously provided public
keys for, so that it could again give the same response the next time
(otherwise, you've again revealed information by providing a different
key for successive queries for the same user). Lastly, you would then
have to share this fake-user database across multiple DNS servers, again
to be consistent in response.
So yes, while it would be convenient to have a publicly available key
server for automatic signing and even encryption, there are risks (and
those risks increase when the key server in use (DNS-based or otherwise)
represents a relatively small and known set of domains).
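One way to implement the consistent "fake response" Thom describes, written here as an added example that is not code from the thread or from any product: instead of a shared fake-user database, every authoritative server derives the decoy key from a keyed HMAC of the queried name, so identical queries (to any server holding the same secret) always get identical answers. The dot-escaping rule for user names and the 32-byte base64 key format are assumptions, since the thread specifies neither.

```python
import base64
import hashlib
import hmac

# Assumed key format: 32-byte raw public key (Ed25519-sized), base64-encoded.
KEY_BYTES = 32


class UserKeyServer:
    """Answers user.userkeys.<domain> TXT lookups; constructed example."""

    def __init__(self, domain, real_keys, decoy_secret):
        # decoy_secret must be identical on every authoritative server for
        # the zone so all of them produce the same decoy for the same name.
        self.domain = domain
        self.real_keys = real_keys            # user -> base64 public key
        self.decoy_secret = decoy_secret

    def txt_name(self, user):
        # Hypothetical escaping of dots in user names ("--"); the thread only
        # says "some extra characters" are used.
        return f"{user.replace('.', '--')}.userkeys.{self.domain}"

    def parse_txt_name(self, qname):
        suffix = f".userkeys.{self.domain}"
        if not qname.endswith(suffix):
            return None
        return qname[: -len(suffix)].replace("--", ".")

    def decoy_key(self, user):
        # Deterministic decoy: HMAC(secret, user@domain), truncated to the
        # real key length. Repeated queries, and every server sharing the
        # secret, return the same answer without any stored fake-user table.
        msg = f"{user}@{self.domain}".encode()
        mac = hmac.new(self.decoy_secret, msg, hashlib.sha256).digest()
        return base64.b64encode(mac[:KEY_BYTES]).decode()

    def answer(self, qname):
        user = self.parse_txt_name(qname)
        if user is None:
            return None        # not a user-key name at all: NXDOMAIN
        if user in self.real_keys:
            return self.real_keys[user]
        return self.decoy_key(user)   # unknown user: indistinguishable decoy


def build_servers():
    # Constructed zone data: one real user, two servers sharing the secret.
    secret = b"constructed-shared-decoy-secret"
    keys = {"alice": base64.b64encode(bytes(range(KEY_BYTES))).decode()}
    return UserKeyServer("example.com", keys, secret), UserKeyServer("example.com", keys, secret)
```

The decoy is only useful if it has exactly the shape of a real record; for a key type whose encoding is not uniformly random (an RSA key, for instance), the HMAC output would instead seed a deterministic key generation step rather than be published directly.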