signing all outbound email

Anne & Lynn Wheeler lynn at garlic.com
Sat Sep 30 18:29:56 EDT 2006


Jon Callas wrote:
> Take a look at DKIM (Domain Keys Identified Mail) which does precisely 
> that. There is an IETF working group for it, and it is presently being 
> deployed by people like Yahoo, Google, and others. There's support for 
> it in SpamAssassin as well as a Sendmail milter.

recently published IETF RFC

... from my IETF RFC index
http://www.garlic.com/~lynn/rfcietff.htm

4686 I
  Analysis of Threats Motivating DomainKeys Identified Mail (DKIM), Fenton J., 2006/09/26 (29pp)    
  (.txt=70382) (Refs 1939, 2821, 2822, 3501, 4033) (was draft-ietf-dkim-threats-03.txt)

from the introduction:

The DomainKeys Identified Mail (DKIM) protocol is being specified by
the IETF DKIM Working Group.  The DKIM protocol defines a mechanism
by which email messages can be cryptographically signed, permitting a
signing domain to claim responsibility for the use of a given email
address.  Message recipients can verify the signature by querying the
signer's domain directly to retrieve the appropriate public key, and
thereby confirm that the message was attested to by a party in
possession of the private key for the signing domain.  This document
addresses threats relative to two works in progress by the DKIM
Working Group, the DKIM signature specification [DKIM-BASE] and DKIM
Sender Signing Practices [DKIM-SSP].

... snip ...

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list