x asvp technical overview n.
Skip this Video
Loading SlideShow in 5 Seconds..
X-ASVP Technical Overview PowerPoint Presentation
Download Presentation
X-ASVP Technical Overview

Loading in 2 Seconds...

play fullscreen
1 / 12

X-ASVP Technical Overview - PowerPoint PPT Presentation

  • Uploaded on

X-ASVP Technical Overview. eXtensible Anti-spam Verification Protocol. X-ASVP Committee Technical Working Group July 22, 2007. Agenda. Authentication Issues resolved by X-ASVP What the X-ASVP protocol does X-ASVP Approach X-ASVP Process flow URL “search path” algorithm

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'X-ASVP Technical Overview' - keaton-davenport

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
x asvp technical overview

X-ASVP Technical Overview

eXtensible Anti-spam Verification Protocol

X-ASVP Committee Technical Working Group

July 22, 2007

  • Authentication Issues resolved by X-ASVP
  • What the X-ASVP protocol does
  • X-ASVP Approach
  • X-ASVP Process flow
  • URL “search path” algorithm
  • Meta-document example
  • What the protocol does not do
  • Implementation resources
issues resolved by x asvp
Issues resolved by X-ASVP
  • SMTP does not include sender authentication
  • Does not require modification to end-user interface
    • Current “add-on” authentication systems require end users to send e-mail from a specific SMTP server.
    • Multiple authentication systems are in use: SPF (RFC 4408), Sender-ID (RFC 4406), DKIM (RFC 4871)
    • IETF approved experimental RFC’s 4405, 4406, 4407, 4408 for SPF and Sender-ID for a two year period
what the protocol does
What the protocol does
  • Defines a “search-path” for finding a meta-document associated to an e-mail address
  • Defines syntax for meta-document entities
  • Defines syntax for X-ASVP mail header
  • Provides a framework for Level 1 extensions to the protocol
x asvp approach
X-ASVP Approach
  • X-ASVP Algorithm produces 3 URL’s for any e-mail address (domain, tld, global)
  • Authentication is accomplished by the sender visiting the recipient’s web server
  • Recipient meta-document can contain multiple items:
    • Do Not E-mail Registry preference ( UCE )
    • Authentication token (Level 1: ASVP-WEB)
    • Public Key (asymmetric encryption – PGP )
x asvp process flow
X-ASVP Process Flow
  • Recipient posts an X-ASVP meta-document
  • Sender collects recipient preferences from the posted meta-document (uses setting applicable to desired SMTP transaction )
    • Bulk mail ( “legal” senders will follow UCE setting)
    • ASVP-WEB ( “token” included in mail header )
    • PGP ( public key available on meta-document )
x asvp url algorithm
X-ASVP URL Algorithm
  • Goals: Distributed, Redundant, Universal
  • Hosts: 1. the domain, 2. top level domain, 3. global
  • Rules: 1. All alpha converted to uppercase,

2. non-alpha numeric converted to underscore

  • Example: John.Public1@foo.com
    • http://x-asvp.foo.com/FOO_COM/JOHN_PUBLIC1.HTM
    • http://www.x-asvp.com/FOO_COM/JOHN_PUBLIC1.HTM
    • http://www.x-asvp.info/COM/FOO_COM/JOHN_PUBLIC1.HTM
meta document example
Meta-document example

Token for Level 1 “ASVP-WEB” extension

Do Not E-mail “Registration”

Asymmetric encryption public key

what the protocol does not do
What the protocol does NOT do
  • Does not limit the data that can be placed on a meta-document (syntax includes the <P> container )
  • Does not limit extensions within the Level 1 method
  • Does not define the algorithm for creating Level 1 data fields (for example, the “ASVP-WEB” token)
  • Does not define the algorithm for verification of tokens
implementation resources
Implementation Resources
  • ISP Implementation Details (http://x-asvp.org/_pub/draft/HOWTO/ )
    • DNS entry (x-asvp.domain.tld)
    • Web server virtual host
    • Meta-document generator script (example on committee website)
    • UCE setting (syntax available on committee website)
  • Individual Implementation Details
    • Individuals can join the X-ASVP committee
    • Member TLD providers will host meta-documents for members of the committee