DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF.

Slides:

Advertisements

Similar presentations

RPKI Standards Activity Geoff Huston APNIC February 2010.

Advertisements

Proposal for a Pilot Project: Using DKIM to Create a Trust Channel Dave Crocker Brandenburg InternetWorking bbiw.net Dave Crocker Brandenburg InternetWorking.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 22: Internet Security Protocols and.

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

DNSSEC & Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.

D. CrockerIntroduction to BATV 1 MIPA Bounce Address Tag Validation (BATV) “Was use of the bounce address authorized?” D. Crocker Brandenburg InternetWorking.

DKIM WG IETF-67 DKIM Originating Signing Policy Douglas Otis

DomainKeys Identified Mail (DKIM): Introduction and Overview Eric Allman Chief Science Officer Sendmail, Inc.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

CS470, A.Selcuk Security1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

Lecture 22 Internet Security Protocols and Standards

Lecture 22 Internet Security Protocols and Standards modified from slides of Lawrie Brown.

S/MIME and PKI Dartmouth College PKI Lab. What Is S/MIME? RFC 2633 (S/MIME Version 3)RFC 2633 Extensions to MIME Uses PKI certificates, keys, and.

14 May 2002© TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.

DomainKeys Identified Mail (DKIM) D. Crocker Brandenburg InternetWorking mipassoc.org/mass  Derived from Yahoo DomainKeys and Cisco.

TechEd /20/2017 2:02 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.

Computer Networks, Fifth Edition by Andrew Tanenbaum and David Wetherall, © Pearson Education-Prentice Hall, 2011 The Application Layer Chapter

Pilot project proposal: AffiL Affiliated domain names for trust Dave Crocker Brandenburg InternetWorking bbiw.net

Identity Based Sender Authentication for Spam Mitigation Sufian Hameed (FAST-NUCES) Tobias Kloht (University of Goetingen) Xiaoming Fu (University.

© 2007 Convio, Inc. Implementation of Yahoo DomainKeys Bill Pease, Chief Scientist Convio.

Electronic mail – protocol evolution. standards.

1 The Business Case for DomainKeys Identified Mail.

Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.

Wireless and Security CSCI 5857: Encoding and Encryption.

DNS-based Message-Transit Authentication Techniques D. Crocker Brandenburg InternetWorking D. Crocker Brandenburg InternetWorking.

Prof. John A. Copeland fax Office: Klaus

Defending DKIM IETF 65 Threats and Strategies Douglas Otis

Certified Server Validation (CSV) “ An MTA is talking to me directly. Are they OK?” D. Crocker Brandenburg InternetWorking mipassoc.org/csv 10/8/2015 6:36.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

A Trust Overlay for Operations: DKIM and Beyond Dave Crocker Brandenburg Internet Working bbiw.net Apricot / Perth 2006 Dave Crocker Brandenburg.

Advanced Mail. Greylisting mail/postgrey /usr/local/etc/postfix/postgrey_whitelist_clients /usr/local/etc/postfix/postgrey_whitelist_recipients.

Message Authentication Signature Standards (MASS) BOF Jim Fenton Nathaniel Borenstein.

MASS / DKIM BOF IETF – Paris 4 Août 2005 dkim.org  mipassoc.org/mass IETF – Paris 4 Août 2005 dkim.org  mipassoc.org/mass MIPA.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

HTTP Extension Framework Name: Qin Zhao Id:

1 Dr. David MacQuigg, President Open-mail.org Stopping Abuse – An Engineer’s Perspective University of Arizona ECE 596c August 2006.

1 Is DNSSEC a Burden? Thus far, DNSSEC adoption has been slow –In part, immaturity of the standards has been a past issue –Many trials, and some signed.

IETF 65, Dallas, TX1 Introduction to SSP Jim Fenton 22 March 2006.

Integrating security services with the automatic processing of content TERENA 2001 Antalya, May 2001 Francesco Gennai, Marina Buzzi Istituto.

EVON TAN KA VUN THECLA JOSEPH NOR FAEEZA ISMALI JESSICCA TOKIROI.

A Retrospective on Future Anti-Spam Standards Internet Society of China Beijing – September, 2004 Dave Crocker Brandenburg InternetWorking

1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.

Accredited DomainKeys: A Service Architecture for Improved Validation Accredited DomainKeys: A Service Architecture for Improved Validation.

Module 7 Planning and Deploying Messaging Compliance.

Matej Bel University Cascaded signatures Ladislav Huraj Department of Computer Science Faculty of Natural Sciences Matthias Bel University Banska Bystrica.

Security in DNS(DNSSEC) Yalda Edalat Pramodh Pallapothu.

S/MIME (Secure/Multipurpose Internet Mail Extensions) security enhancement to MIME – original Internet RFC822 was text only – MIME provided.

By Team Trojans -1 Arjun Ashok Priyank Mohan Balaji Thirunavukkarasu.

Advanced Mail. Computer Center, CS, NCTU 2 Introduction  SPAM vs. non-SPAM Mail sent by spammer vs. non-spammer  Problem of SPAM mail Over 99% of s.

X-ASVP Technical Overview eXtensible Anti-spam Verification Protocol X-ASVP Committee Technical Working Group July 22, 2007.

DKIM Policy Proposals. 3 Proposals ‘A La Carte’ Discovery Mechanism RISC Policy Description –Its (almost) all in the Key Records RISC Policy Description.

IETF70, Vancouver, December 2007draft-wing-sip-identity-media-011 SIP Identity using Media Path draft-wing-sip-identity-media-01 Dan Wing,

Validation Working Group: Proposed Revisions to

Network Applications: DNS Y. Richard Yang 2/1/2016.

IETF 81 th Rapid Transition of IPv4 contents to be IPv6-accessible draft-sunq-v6ops-contents-transition-02 Q. Sun, C. Xie, Q. Liu, X. Li, J. Qin and D.

Spoofing The False Digital Identity. What is Spoofing?  Spoofing is the action of making something look like something that it is not in order to gain.

Technical Security Issues in Cloud Computing By: Meiko Jensen, Jorg Schwenk, Nils Gruschka, Luigi Lo Lacono Presentation by: Winston Tong 2009 IEEE.

1 CNLab/University of Ulsan Chapter 16 Electronic Mail Security  PGP (Pretty Good Privacy)  S/MIME.

Trust Anchor Management Problem Statement

CSCE 715: Network Systems Security

Misc. Security Items.

S/MIME T ANANDHAN.

Slides Credit: Sogand Sadrhaghighi

MASS BOF IETF63, Paris 4 August 2005

Presentation transcript:

DomainKeys Identified Mail (DKIM) D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF published revision – RFC 4871 D. Crocker ~ bbiw.net dkim.org  Consortium spec Derived from Yahoo DomainKeys and Cisco Identified Internet Mail  IETF published revision – RFC 4871  Validate identifier and msg data integrity  DNS identifiers  Public keys in DNS  End-to-end  Between origin/receiver administrative domains  Not path-based Allows an organization to claim responsibility for transmitting a message, in a way that can be validated by a recipient

D. CrockerDKIM Teaser2 DKIM Goals  Based on message content, itself  Not related to path  Transparent to end users  No client User Agent upgrades required  But extensible to per-user signing  Allow signature delegation  Outsourcing  Low development, deployment, use costs  Avoid large PKI, new Internet services  No trusted third parties (except DNS)  Based on message content, itself  Not related to path  Transparent to end users  No client User Agent upgrades required  But extensible to per-user signing  Allow signature delegation  Outsourcing  Low development, deployment, use costs  Avoid large PKI, new Internet services  No trusted third parties (except DNS)

D. CrockerDKIM Teaser3 Technical High-points  Signs body and selected parts of header  Signature transmitted in DKIM-Signature: header  Public key stored in DNS  In _domainkey subdomain  Uses TXT RR  Namespace divided using selectors  Allows multiple keys for aging, delegation, etc.  Signs body and selected parts of header  Signature transmitted in DKIM-Signature: header  Public key stored in DNS  In _domainkey subdomain  Uses TXT RR  Namespace divided using selectors  Allows multiple keys for aging, delegation, etc.