Tagmex - Architecture and Design

IP.com Disclosure Number: IPCOM000130169D
Publication Date: 2005-Oct-14

Publishing Venue

The IP.com Prior Art Database

Abstract

Tagmex is a suite of cryptographically-based protocols for identifying the originators of eMails. It provides two complementary methods of protection: for the transmission path and for the message itself. It can also be used to identify solicited messages in bulk mailings, easing the task of separating 'spam' from legitimate mail. Tagmex uses public keys published in DNS, and generates pair-wise shared secrets for signing two-party tags which authenticate the information carried in the protocols. The cryptographic calculations required to detect unauthorised transmissions, and those required to validate a message header, each add less than 2 milliseconds to the duration of an SMTP transaction.

This text was extracted from an HTML document.
This is the abbreviated version, containing approximately 4% of the total text.

Architecture and Design

Chris Haynes

http://tagmex.org/design.html

Contents

1 Problem overview, other responses
  1.1 Mail abuse
  1.2 Sender Policy Framework
  1.3 Sender ID
  1.4 SPF & SID - common deployment challenges
  1.5 Domain Keys
    1.5.1 DK - Concerns and vulnerabilities
  1.6 Common architectural attributes
2 Tagmex architectural approach
  2.1 Two-party tags
    2.1.1 Tagmex in message headers
    2.1.2 The Tagmex SMTP extension
  2.2 Entities
  2.3 Relationship between Domain Entities and their users
  2.4 Shared secrets, public keys
  2.5 Key stores
  2.6 Caution on the dual use of cryptographic keys
3 Common Tagmex functions
  3.1 Tagmex Versions
    3.1.1 Tagmex Version 0
    3.1.2 Digest algorithms
    3.1.3 Future versions
  3.2 Entity Policy
    3.2.1 Size of Policy
    3.2.2 Policy structure
    3.2.3 Flags
    3.2.4 Port
    3.2.5 Agents
    3.2.6 Public Keys
  3.3 Mandatory association with MX services
  3.4 Publishing of policies in DNS
    3.4.1 Domain-entity policy nodes
    3.4.2 Protection of mailbox identities
    3.4.3 User-entity (mailbox) nodes
    3.4.4 DNS records
  3.5 Keys and signatures
4 Tagmex message headers
  4.1 Common aspects
    4.1.1 Header ordering
    4.1.2 Header cross-references
    4.1.3 Time stamps
    4.1.4 Character sets
    4.1.5 Digest algorithm
  4.2 Tagmex-Origin header
    4.2.1 Digest Algorithm
    4.2.2 roles
    4.2.3 body
    4.2.4 time
    4.2.5 tag
    4.2.6 signed
    4.2.7 Signatures
    4.2.8 Uses of Origin header
  4.3 Tagmex-Authority header
    4.3.1 from-ref
    4.3.2 to
    4.3.3 to-ref
    4.3.4 start
    4.3.5 end
    4.3.6 Other authority header items
  4.4 Tagmex-Validation header
  4.5 Tagmex-Extension header
5 Recipient privacy
6 Tagmex SMTP Extension - PERMIT
  6.1 Tagmex PERMIT Extension
  6.2 Mail transmission architecture
  6.3 Transmission authorities
    6.3.1 Outline of challenge-response process
    6.3.2 Walk-through
  6.4 Permit policy and transmission status
    6.4.1 Transmission classification
    6.4.2 Message disposition
  6.5 The two MAIL FROM addresses
    6.5.1 Policy formulation rules
    6.5.2 Originating and Alias-Forwarding client rules
    6.5.3 Operation with Tagmex-unaware alias forwarders
    6.5.4 Forgery detection
    6.5.5 Use of empty first address
    6.5.6 Use of a single protected address
  6.6 Authorisation process
    6.6.1 Full example
  6.7 Implementation and deployment strategies
    6.7.1 Real-time transmission
    6.7.2 MUAs and MSAs
    6.7.3 Travelling Salesmen
    6.7.4 Alias ex...