Language Selection

English French German Italian Portuguese Spanish

New E-Mail Authentication Spec Submitted to IETF

Filed under
Security

A group of leading technology companies that includes Microsoft Corp., IBM, Yahoo Inc. and Cisco Systems Inc. has submitted a new e-mail authentication standard to the Internet Engineering Task Force for consideration, eWEEK has learned.

The specifications for DomainKeys Identified Mail, or DKIM, were submitted to the IETF on Monday for consideration as a new e-mail authentication standard. DKIM has been in development since August and combines technology from Yahoo and Cisco. In addition to backing the new standards, the authoring companies plan to license it for free and may release it to the open-source community, according to information provided to eWEEK by the group.

The new DKIM standard will be available as an IETF Internet Draft through the organization's Web site in the near future, said Eric Allman, chief technology officer at Sendmail Inc.

Discussions of DKIM will be part of the 63rd IETF meeting in Paris, which begins on July 31, 2005, according to the group.

DKIM uses public key cryptography to sign e-mail messages, allowing receiving domains to identify legitimate senders and weed out spam and phishing e-mail with spoofed addresses. The specification combines elements of Yahoo's DomainKeys technology and Cisco's Internet Identified Mail technology.

As with DomainKeys, e-mail domain owners will generate a public and private cryptographic key pair, then publish the public key in their DNS (Domain Name System) record. The private key is stored on their e-mail servers. Components of Cisco's Identified Internet Mail header-signing technology will be used to sign messages, said Miles Libbey, anti-spam product manager at Yahoo.

E-mail administrators will have to install a software plug-in that supports DKIM on their mail servers, but the change will be easy to implement, especially for domain owners who have already set up DomainKeys, Libbey said.

Leading e-mail server makers such as Sendmail Inc. are pledging to release DKIM plug-ins for their products.

"We wanted to make it as easy as possible to make the transition from DomainKeys to DKIM," Allman said.

DKIM could become a widely accepted standard for securing e-mail communications and thwarting e-mail forgery and phishing attacks, said Jim Fenton, distinguished engineer at Cisco and one of the authors of the new specification.

"A lot of people in the past have said the future is to put cryptographic signatures in [e-mail] messages. So we're trying to present the future here. And we believe the future is now."

The announcement comes as leading e-mail experts are gathering in New York City this week to encourage organizations to implement e-mail authentication technology such as DomainKeys, or Microsoft's SIDF (Sender ID Framework).

Full Story.

More in Tux Machines

Uselessd: A Stripped Down Version Of Systemd

The boycotting of systemd has led to the creation of uselessd, a new init daemon based off systemd that tries to strip out the "unnecessary" features. Uselessd in its early stages of development is systemd reduced to being a basic init daemon process with "the superfluous stuff cut out". Among the items removed are removing of journald, libudev, udevd, and superfluous unit types. Read more

Android One: Let us fill you in on Google’s big game

India is now the world’s third largest Internet market and “on a bullet train to become the second”. But even when we become the second with around 300 million Internet users, India would still have over 75 per cent of the population that has no access to this so-called information superhighway. It is this chunk of population that will form the “next billion” which companies like Nokia, and now Google, has been talking about. And it is this next billion that Google thinks will line up to buy and good smartphone that is also affordable. Read more

Mesa Gets Closer To Having OpenGL 4.0 Tessellation Support

A significant patch-set was published on Saturday night that implements the driver-independent bits of OpenGL 4's ARB_tessellation_shader extension inside Mesa. The tessellation support has been one of the big pieces missing from Mesa's OpenGL 4 implementation and fortunately it's getting close to mainline. Chris Forbes of Intel published fifty-six patches this weekend that implement the driver-independent portions of the extension inside Mesa. Of course, the driver portions still need to follow for it to be useful. Read more

Small Console Menu Utilities

One of the great strengths of Linux is the whole raft of weird and wonderful open source utilities. That strength does not simply derive from the functionality they offer, but from the synergy generated by using them together, sometimes in conjunction with applications. The Unix philosophy spawned a "software tools" movement which focused on developing concise, basic, clear, modular and extensible code that can be used for other projects. This philosophy remains an important element for many Linux projects. Good open source developers writing utilities seek to make sure the utility does its job as well as possible, and work well with other utilities. The goal is that users have a handful of tools, each of which seeks to excel at one thing. Some utilities work well on their own. This article looks at four tiny utilities that offer menu facilities. They get virtually zero coverage in the Linux press, so you may not have heard of them before, but they are well crafted and might just fit the bill. Read more