Policy Considerations, Phill Hallam Baker. We have a choice
Policy Considerations
Phill Hallam Baker
We have a choice
Choice 1
If it works don’t break it
Choice 2
Do the job right
An Architecture
A master plan
If we have to change
• Layered Architecture
• Reusable Policy Statements
• Reusable discovery strategy
You can’t have security without security policy
SSL
• Should I use security?
• HTTPS://
S/MIME, PGP
• No policy layer
• Authentication has limited use
STARTTLS
• The best email encryption we have
• Should be used 100%
• Vulnerable to a downgrade attack
We can fix discovery
Without changing the DNS infrastructure
Or waiting for it to change
Three step discovery
1) policy = lookup (TXT, "_dkim.alice.example.com")
   IF policy <> NULL THEN RETURN policy
2) pointer = lookup (PTR, "alice.example.com")
   IF pointer == NULL THEN RETURN NULL
3) policy = lookup (TXT, "_dkim." + pointer)
   RETURN policy

To specify a wildcard use:
*.example.com PTR _default.example.com
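The three steps above, run against a small in-memory zone, as an added example that is not part of the original slides. The zone contents, policy strings and the function names `lookup`, `name_exists` and `discover_policy` are assumptions for illustration, and the resolver is a simplified stand-in for real DNS wildcard processing.

```python
# Constructed sample zone: (record type, owner name) -> record data.
ZONE = {
    ("TXT", "_dkim.alice.example.com"): "policy=alice-specific",
    ("PTR", "*.example.com"): "_default.example.com",
    ("TXT", "_dkim._default.example.com"): "policy=domain-default",
}


def name_exists(name):
    """True if any record sits at or below `name` (covers empty non-terminals)."""
    return any(owner == name or owner.endswith("." + name) for _, owner in ZONE)


def lookup(rtype, name):
    """Simplified resolver: exact match first, then wildcard synthesis."""
    if (rtype, name) in ZONE:
        return ZONE[(rtype, name)]
    if name_exists(name):
        return None  # the name exists without this type, so no wildcard applies
    labels = name.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if name_exists(parent):  # closest existing ancestor of the query name
            return ZONE.get((rtype, "*." + parent))
    return None


def discover_policy(name, prefix="_dkim"):
    """Three step discovery as written on the slide."""
    policy = lookup("TXT", prefix + "." + name)   # step 1: direct policy record
    if policy is not None:
        return policy
    pointer = lookup("PTR", name)                 # step 2: pointer, possibly a wildcard
    if pointer is None:
        return None
    return lookup("TXT", prefix + "." + pointer)  # step 3: policy at the pointer target


if __name__ == "__main__":
    for host in ("alice.example.com", "bob.example.com", "carol.example.org"):
        print(host, "->", discover_policy(host))
```

The query for `bob.example.com` finds no direct policy record, follows the wildcard PTR to `_default.example.com`, and picks up the default policy there, so one record covers every host in the domain that has no policy of its own.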
Choice 1 is best
Don’t boil the ocean
Unless we have to
Don’t end up with