Add to collection(s) Add to saved
  1. No category
Uploaded by lassaad.toukabri

DKIM-teaser-03

advertisement 
DomainKeys Identified Mail
(DKIM)
Allows an organization to claim
responsibility for transmitting a
message, in a way that can be
validated by a recipient
D. Crocker ~ bbiw.net
dkim.org

Consortium spec
Derived from Yahoo
DomainKeys and Cisco
Identified Internet Mail

IETF published
revision – RFC 4871

Validate identifier and
msg data integrity



DNS identifiers
Public keys in DNS
End-to-end


Between origin/receiver
administrative domains
Not path-based
DKIM Goals

Based on message content, itself


Transparent to end users



No client User Agent upgrades required
But extensible to per-user signing
Allow signature delegation


Not related to path
Outsourcing
Low development, deployment, use costs


Avoid large PKI, new Internet services
No trusted third parties (except DNS)
D. Crocker
DKIM Teaser
2
Technical High-points



Signs body and selected parts of header
Signature transmitted in DKIM-Signature:
header
Public key stored in DNS
In _domainkey subdomain
 Uses TXT RR


Namespace divided using selectors

Allows multiple keys for aging, delegation, etc.
D. Crocker
DKIM Teaser
3
Related documents
cc
cc
Questions for Unit-7
Questions for Unit-7
M3AAWG Best Practices for Implementing DKIM To Avoid Key
M3AAWG Best Practices for Implementing DKIM To Avoid Key
A One Page Document About SPF, DKIM and DMARC
A One Page Document About SPF, DKIM and DMARC
HOMEWORK 1 • DNS stands for do not submit (1) DNS Make up a
HOMEWORK 1 • DNS stands for do not submit (1) DNS Make up a
Download
advertisement