Report Origin Authentication


The report origin authentication service enables a message originator to authenticate the origin of a delivery/non-delivery report. This service counters the threat of masquerade (i.e., impersonation of the report originator). It is provided to the message originator, as well as to any MTA transferring the report, on a per-report basis using an asymmetric encryption technique. If a security label is present in the report, the service binds the security label to the report.

The reporting MTA provides this service by generating a report origin authentication check (i.e., a digital signature) and sending it in the report. The report origin authentication check may be generated when the message origin authentication check is present in the subject message. The report signature is computed as a function of the content identifier and security label of the subject message, the name of the recipient, and for:

a delivery report:
    the time the message was delivered and, if requested by the originator, proof of delivery (see Section 11.6.3),
a non-delivery report:
    the reason and diagnostic for non-delivery.

The report origin authentication check is derived using the reporting MTA's private key. The check is validated by the originator of the subject message, and any MTA transferring the message, using the reporting MTA's public key certificate. This certificate may be transferred in the report, or obtained by some other means.
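The generation and validation steps described above, as an added example that is not part of the original document. The field names, the length-prefixed encoding, the SHA-256 hash-then-sign RSA and the demo key are assumptions made for illustration; they are not the X.400 encoding or algorithm.

```python
import hashlib

# Constructed demo key for the reporting MTA (assumption): two Mersenne primes.
# Small and specially structured, so NOT secure; it only makes the example runnable.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                           # public modulus, carried in the MTA's certificate
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the reporting MTA

def signed_input(report):
    """Bytes covered by the check; which fields are included depends on report type."""
    names = ["type", "content_id", "security_label", "recipient"]
    if report["type"] == "delivery":
        names += ["delivery_time", "proof_of_delivery"]   # proof only if requested
    else:
        names += ["reason", "diagnostic"]
    out = b""
    for name in names:
        value = (report.get(name) or "").encode()
        out += len(value).to_bytes(4, "big") + value      # length prefix avoids field splicing
    return out

def _digest(report):
    return int.from_bytes(hashlib.sha256(signed_input(report)).digest(), "big")

def make_check(report):
    """Reporting MTA: derive the check with its private key."""
    return pow(_digest(report), D, N)

def verify_check(report, check):
    """Originator or transferring MTA: validate with the MTA's public key (N, E)."""
    return pow(check, E, N) == _digest(report)

# Constructed sample reports (all values are made up).
DELIVERY = {"type": "delivery", "content_id": "ORDER-0042",
            "security_label": "CONFIDENTIAL", "recipient": "C=US;O=Example;S=Smith",
            "delivery_time": "1994-10-01T09:30:00Z", "proof_of_delivery": None}
NON_DELIVERY = {"type": "non-delivery", "content_id": "ORDER-0043",
                "security_label": "CONFIDENTIAL", "recipient": "C=US;O=Example;S=Jones",
                "reason": "unable-to-transfer", "diagnostic": "unrecognised-OR-name"}

if __name__ == "__main__":
    check = make_check(DELIVERY)
    print("genuine report:", verify_check(DELIVERY, check))
    relabelled = dict(DELIVERY, security_label="UNCLASSIFIED")
    print("label altered in transit:", verify_check(relabelled, check))
```

Because the security label and recipient name are part of the signed input, altering either one after the reporting MTA has signed causes validation to fail.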

John Barkley
Fri Oct 7 16:17:21 EDT 1994