Security Basics mailing list archives

Re: Digital signature to e-mail.


From: Thom O'Connor <thom () communigate com>
Date: Fri, 03 Jun 2005 12:26:45 -0700

Roberto Alcantara <roberto () fortalnet com br>

http://www.eletronica.org/softlab/userkeys/userkeys_english.htm
How it works:

Setup: Each protected e-mail (user@domain) has one public and
one private key, stored on the server side. The public key is stored in
user.userkeys.domain in a TXT DNS record (RFC1035). User names
with a dot will have some extra characters to fix the URL. The private
key is stored in a secure local database (User Key Database,
UKD), with username/mail from/private key. Each client has
one password to access your SMTP account (SMTP Authentication,
RFC2554).

User-based DNS public keys have certainly been discussed previously.

One major flaw is that now you've placed a list of some/all of your valid users into a publicly available database. Spammers can simply query DNS records in a "dictionary" style attack in order to get a list of your valid users.

In order to do this safely, your DNS server would have to provide a key for every user-type DNS TXT query, even if the user did not really exist. This "fake" response would allow for the DNS server to always respond positively to the request. In addition, your DNS server would then have to remember which fake users it had previously provided public keys for, so that it could again give the same response the next time (otherwise, you've again revealed information by providing a different key for successive queries for the same user). Lastly, you would then have to share this fake-user database across multiple DNS servers, again to be consistent in response.

So yes, while it would be convenient to have a publicly available key server for automatic signing and even encryption, there are risks (and those risks increase when the key server in use (DNS-based or otherwise) represents a relatively small and known set of domains).

Cheers,

-t
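
The always-answer, same-answer behaviour described in the reply above, as an added example that is not part of the original post or of the userkeys project. Instead of the stored and replicated fake-user database the post describes, it swaps in a different technique: each decoy is derived from a secret shared by the zone's DNS servers. The class name, the `example.com` zone, the 32-byte opaque key format and the sample key are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac

KEY_LEN = 32  # assumption: every published key is an opaque 32-byte value


class UserKeyResponder:
    """Answers TXT lookups for <user>.userkeys.<domain> without a yes/no oracle."""

    def __init__(self, domain, real_keys, decoy_secret):
        self.suffix = ".userkeys." + domain.lower()
        # real_keys: {local_part: raw public key bytes}
        self.real_keys = {u.lower(): k for u, k in real_keys.items()}
        self.decoy_secret = decoy_secret  # identical on every server for the zone

    def _decoy(self, user):
        # Same secret + same name -> same bytes on every server, every time,
        # so no per-name fake-user table has to be stored or replicated.
        mac = hmac.new(self.decoy_secret, user.encode(), hashlib.sha256)
        return mac.digest()[:KEY_LEN]

    def txt(self, qname):
        qname = qname.lower().rstrip(".")
        if not qname.endswith(self.suffix):
            return None  # not a user-key query for this zone
        user = qname[: -len(self.suffix)]
        if not user:
            return None
        # Always compute the decoy so real and fake names cost the same work.
        decoy = self._decoy(user)
        return base64.b64encode(self.real_keys.get(user, decoy)).decode()


def demo():
    # Constructed sample data: one real user, two servers sharing one secret.
    real = {"alice": hashlib.sha256(b"constructed sample key").digest()}
    ns1 = UserKeyResponder("example.com", real, b"constructed-shared-secret")
    ns2 = UserKeyResponder("example.com", real, b"constructed-shared-secret")
    names = ["alice", "bob", "nosuchuser"]
    return {n: (ns1.txt(n + ".userkeys.example.com"),
                ns2.txt(n + ".userkeys.example.com")) for n in names}


if __name__ == "__main__":
    for name, answers in demo().items():
        print(name, answers)
```

This only hides membership while the decoy secret stays private and decoys are indistinguishable in format from the real published keys.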



