Language Selection

English French German Italian Portuguese Spanish

New E-Mail Authentication Spec Submitted to IETF

Filed under
Security

A group of leading technology companies that includes Microsoft Corp., IBM, Yahoo Inc. and Cisco Systems Inc. has submitted a new e-mail authentication standard to the Internet Engineering Task Force for consideration, eWEEK has learned.

The specifications for DomainKeys Identified Mail, or DKIM, were submitted to the IETF on Monday for consideration as a new e-mail authentication standard. DKIM has been in development since August and combines technology from Yahoo and Cisco. In addition to backing the new standards, the authoring companies plan to license it for free and may release it to the open-source community, according to information provided to eWEEK by the group.

The new DKIM standard will be available as an IETF Internet Draft through the organization's Web site in the near future, said Eric Allman, chief technology officer at Sendmail Inc.

Discussions of DKIM will be part of the 63rd IETF meeting in Paris, which begins on July 31, 2005, according to the group.

DKIM uses public key cryptography to sign e-mail messages, allowing receiving domains to identify legitimate senders and weed out spam and phishing e-mail with spoofed addresses. The specification combines elements of Yahoo's DomainKeys technology and Cisco's Internet Identified Mail technology.

As with DomainKeys, e-mail domain owners will generate a public and private cryptographic key pair, then publish the public key in their DNS (Domain Name System) record. The private key is stored on their e-mail servers. Components of Cisco's Identified Internet Mail header-signing technology will be used to sign messages, said Miles Libbey, anti-spam product manager at Yahoo.

E-mail administrators will have to install a software plug-in that supports DKIM on their mail servers, but the change will be easy to implement, especially for domain owners who have already set up DomainKeys, Libbey said.

Leading e-mail server makers such as Sendmail Inc. are pledging to release DKIM plug-ins for their products.

"We wanted to make it as easy as possible to make the transition from DomainKeys to DKIM," Allman said.

DKIM could become a widely accepted standard for securing e-mail communications and thwarting e-mail forgery and phishing attacks, said Jim Fenton, distinguished engineer at Cisco and one of the authors of the new specification.

"A lot of people in the past have said the future is to put cryptographic signatures in [e-mail] messages. So we're trying to present the future here. And we believe the future is now."

The announcement comes as leading e-mail experts are gathering in New York City this week to encourage organizations to implement e-mail authentication technology such as DomainKeys, or Microsoft's SIDF (Sender ID Framework).

Full Story.

More in Tux Machines

ROSA Fresh R9

ROSA is a desktop distribution that was originally forked from Mandriva Linux, but now is independently developed. While the company which produces ROSA is based in Russia, the distribution includes complete translations for multiple languages. The ROSA desktop distribution is designed to be easy to use and includes a range of popular applications and multimedia support. ROSA R9 is available in two editions, one featuring the KDE 4 desktop and the second featuring the KDE Plasma 5 desktop. These editions are scheduled to receive four years of support and security updates. I decided to download the Plasma edition of ROSA R9 and found the installation media to be approximately 2GB in size. Booting from the ROSA disc brings up a menu asking if we would like to load the distribution's live desktop environment or begin the installation process. Taking the live option brings up a graphical wizard that asks us a few questions. We are asked to select our preferred language from a list and accept the project's warranty and license. We are then asked to select our time zone and keyboard layout from lists. With these steps completed, the wizard disappears and the Plasma 5.9 desktop loads. Read more

More of today's howtos

Software: Linfo, EasyTag, Simple Scan, Albert, VLC, Remote Desktop, Frogr, Brisk Menu, and OpenShot

  • Linfo – Shows Linux Server Health Status in Real-Time
    Linfo is a free and open source, cross-platform server statistics UI/library which displays a great deal of system information. It is extensible, easy-to-use (via composer) PHP5 library to get extensive system statistics programmatically from your PHP application. It’s a Ncurses CLI view of Web UI, which works in Linux, Windows, *BSD, Darwin/Mac OSX, Solaris, and Minix.
  • 2 tag management tools for organizing your music library
    These days, EasyTag seems to be my go-to tag editor. While I can't claim to have tried them all, I have mostly stopped looking now that I have this one. Generally speaking, I like its three-panel layout: file system directory on the left; selected tracks in the middle, showing file name and tags; and specific tags and cover image on the right.
  • New Simple Scan Designs Emerge; Seeking Devs to Implement Them
    Simple Scan is one of my personal favourite and perhaps even one of the "essential" apps on the Linux desktop for me. It does what it says on the tin: it's simple and it scans, with a nice preview system and enough options to be decently functional. Some new designs for the app have emerged and they are looking quite nice indeed. GNOME UX designer and Red Hat Desktop Team Member, Allan Day, showed the new mockup designs off in his blog post. Simple Scan has a pretty sparse and simplistic interface already, and I mean that in a positive way, but Allan believes that "just because it's great, doesn't mean it can't be improved" and that most of the improvements are simply "refinements", rather than major overhauls, in order to make some of the app's functions a bit easier to discover and navigate.
  • Albert – A Fast, Lightweight and Flexible Application Launcher for Linux
    A while ago, we have written about Ulauncher which is used to launch application quickly. Today we came up with similar kind of utility called Albert which is doing the same job and have some additional unique features which is not there in ulauncher.
  • 5 Tricks To Get More Out Of VLC Player In Linux
    In fact, for the desktop, VLC is much more than just a tool to play videos stored on your hard drive! So, stay with me for a tour of the lesser known features of that great software.
  • 5 of the Best Linux Remote Desktop Apps to Remotely Access a Computer
    Remote desktop apps are a very useful group of apps because they allow access to a computer anywhere in the world. While the simplest way to do this is via a terminal, if you don’t want to have to type commands but rather want a more advanced way to access a remote computer, here are five of the best remote desktop apps for Linux.
  • Frogr 1.3 released
  • Brisk Menu 0.4.0 Is Out with Super Key Support, Adapts to Vertical Panel Layouts
    Solus Project founder and lead developer Ikey Doherty is today announcing the release and immediate availability of the Brisk Menu 0.4.0 application menu for Solus and other supported GNU/Linux distributions.
  • OpenShot 2.3.3 Open-Source Video Editor Released with Stability Improvements
    OpenShot developer Jonathan Thomas is announcing the release and immediate availability of the third maintenance update to the OpenShot 2.3 stable series of the open-source and cross-platform non-linear video editor.

CloudReady - Chromebook re-experienced

I haven't done any extensive testing, but then, how much testing is really needed to run a bunch of Web apps. The whole idea is to have this cloud-based operating system, with easy, flexible access to your data anywhere you go. So if you judge this from the perspective of a typical desktop, you miss the point. But that is the point. When I install something on a desktop-like form factor, I expect its behavior to match. CloudReady takes you away from that experience, and the transition is not comfortable. You feel very limited. This makes a lot of sense for schools, for instance, where you do want to lock down the devices, and make them simple for reuse. In a home setup, why would you go for just cloud, when you can have that plus any which desktop application on a typical system? After all, nothing prevents you from launching a browser and using Google applications, side by side with your desktop stuff. It's the same thing. The notion of reviving old hardware is a bit of a wishful thinking. My eeePC test shows that it gets completely crippled when you run HD content in either Firefox or Chrome. An operating system based on Chromium OS will not drastically change that. It cannot do that. Maybe you will have better performance than having Windows there, the same way I opted for a Linux setup on the Asus netbook, but there are physical limits to what old hardware can accomplish. And then, there's the whole question of cloud ... Most people might be comfy with this, after having used smartphones for a while, but I don't think this is anything novel or mindblowing. CloudReady works as advertised, it's a very cool concept, but ultimately, it gives you a browser on steroids. Google and Neverware have their own agenda for doing this, but for home users, there really isn't any added value in transforming their keyboard-and-mouse box into a browsing portal. So if you ask me, am I ready for the cloud, the answer is, only when it becomes sophisticated enough to match my productivity and freedom of creativity. And for you, do you want a simple, locked down, secure and entirely Google machine that isn't a mobile phone or a dedicated piece of hardware? The answer is 42. Read more