Policy Considerations Phill Hallam Baker. We have a choice.

Post on 18-Jan-2016


Policy Considerations

Phill Hallam Baker

We have a choice

Choice 1

If it works don’t break it

Choice 2

Do the job right

An Architecture

A master plan

If we have to change

• Layered Architecture

• Reusable Policy Statements

• Reusable discovery strategy

You can’t have security without security policy

SSL

• Should I use security?

• HTTPS://

S/MIME, PGP

• No policy layer

• Authentication has limited use

STARTTLS

• The best email encryption we have

• Should be used 100%

• Vulnerable to a downgrade attack

We can fix discovery

Without changing the DNS infrastructure

Or waiting for it to change

Three step discovery

1) policy = lookup (TXT, "_dkim.alice.example.com")
   IF policy <> NULL THEN RETURN policy

2) pointer = lookup (PTR, "alice.example.com")
   IF pointer == NULL THEN RETURN NULL

3) policy = lookup (TXT, "_dkim." + pointer)
   RETURN policy

To specify a wildcard use:

*.example.com PTR _default.example.com
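The three-step discovery and the wildcard PTR above, run against an in-memory zone. This is an added example, not code from the slides: the zone contents, policy strings and function names are assumptions, and wildcard handling is simplified to one level. It also shows the standard DNS caveat that a wildcard never covers a name that already exists in the zone.

```python
# Constructed zone data for illustration; every record and policy string is hypothetical.
ZONE = {
    ("TXT", "_dkim.alice.example.com"): "policy=alice-specific",
    ("PTR", "*.example.com"): "_default.example.com",
    ("TXT", "_dkim._default.example.com"): "policy=site-default",
    ("A", "dave.example.com"): "192.0.2.10",  # exists, but publishes no policy or PTR
}


def node_exists(name):
    """A name exists if it, or any name below it, owns a record of any type."""
    return any(owner == name or owner.endswith("." + name) for _, owner in ZONE)


def lookup(rtype, name):
    """Resolve against ZONE with simplified one-level wildcard expansion."""
    if node_exists(name):
        # Existing node: answer from its own records only, wildcard does not apply.
        return ZONE.get((rtype, name))
    parent = name.partition(".")[2]
    return ZONE.get((rtype, "*." + parent)) if parent else None


def discover_policy(domain, prefix="_dkim"):
    """Three-step discovery as described on the slide."""
    # Step 1: policy published directly under the name.
    policy = lookup("TXT", f"{prefix}.{domain}")
    if policy is not None:
        return policy
    # Step 2: follow a PTR (possibly synthesized from the wildcard).
    pointer = lookup("PTR", domain)
    if pointer is None:
        return None
    # Step 3: fetch the policy at the pointed-to name.
    return lookup("TXT", f"{prefix}.{pointer}")


if __name__ == "__main__":
    for host in ("alice.example.com", "bob.example.com", "dave.example.com"):
        print(host, "->", discover_policy(host))
```

A `None` result means no policy was discovered, so a name such as dave.example.com that exists without its own PTR needs an explicit record to be covered by the default.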

Choice 1 is best

Don’t boil the ocean

Unless we have to

Don’t end up with