Open Source and information security mailing list archives
 
From: vdongen at hetisw.nl (I.R.van Dongen)
Subject: Improving E-mail security...

Current situation of my organisation:

3 MX servers (of which one is actually at our location)
12 smtp-relay servers on completely different netblocks.

In your opinion, there should be 12 public keys stored for just our 1 domain?

Not to mention 3 public keys for our 3 MXs.

Our situation is not uncommon, most organisations don't have just one office network.

Besides the fact that someone has to store the keys on a central server, which can:
1) be hacked, which has the effect that mail cannot be sent
2) be exploited by the 3rd party trustee to make a lot of money (you want your mail to be sent?)
3) be DDoS'ed by kiddies to prevent all mail from being sent.

> - E-mail receiving server could check that 'very first original' From: line
> and if it is the same as the receiver address, i.e. 'someone@...eone.com'
> 
> Perform a check to see if the 'sender identification', i.e. a salted public
> key, GUID or something (X-Authenticated-Guid: #0a845d299ca340087140), exists
> in the mail header.
Without a challenge system, I can simply copy the Guid from any mail.

> 
> Delivery should be done only if a 'sender identification' exists and the key
> matches.
> 
> Otherwise mail should be trashed to /dev/null :)
> 
> Waiting for comments and suggestions...
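The replay problem raised in this reply (a static header value can be copied from any delivered mail) and the challenge system it asks for, shown side by side as an added example that is not code from the thread. The shared secret, the nonce-bound X-Authenticated-Response header and the HMAC construction are assumptions; the GUID value is the one quoted in the proposal.

```python
import hashlib
import hmac
import secrets

# Constructed demo, not code from the thread. SENDER_SECRET and the header
# names are assumptions; the GUID value is the one quoted in the proposal.
SENDER_SECRET = b"constructed-demo-secret"   # assumed: shared between domain and verifier
STATIC_GUID = "#0a845d299ca340087140"


def verify_static(headers):
    """The quoted proposal: deliver if the GUID header is present and matches."""
    return headers.get("X-Authenticated-Guid") == STATIC_GUID


def issue_challenge():
    """Receiver picks a fresh random nonce for each delivery attempt."""
    return secrets.token_hex(16)


def answer_challenge(nonce, secret):
    """Sender binds the receiver's nonce with an HMAC; requires the shared secret."""
    return hmac.new(secret, nonce.encode(), hashlib.sha256).hexdigest()


def verify_challenge(headers, nonce, secret):
    """Deliver only if the response header is a valid answer to *this* nonce."""
    expected = answer_challenge(nonce, secret)
    got = headers.get("X-Authenticated-Response", "")
    return hmac.compare_digest(got, expected)


def demo():
    # A delivered mail whose headers were copied verbatim (constructed).
    seen_mail = {"From": "someone@example.com", "X-Authenticated-Guid": STATIC_GUID}
    replayed = dict(seen_mail)

    # Challenge variant: a captured response is bound to an old nonce and
    # cannot be reused when the receiver issues a new one.
    old_nonce = issue_challenge()
    captured = {"X-Authenticated-Response": answer_challenge(old_nonce, SENDER_SECRET)}
    new_nonce = issue_challenge()
    genuine = {"X-Authenticated-Response": answer_challenge(new_nonce, SENDER_SECRET)}

    return {
        "static_accepts_copied_header": verify_static(replayed),
        "challenge_accepts_genuine": verify_challenge(genuine, new_nonce, SENDER_SECRET),
        "challenge_accepts_captured": verify_challenge(captured, new_nonce, SENDER_SECRET),
    }


if __name__ == "__main__":
    print(demo())
```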

