Since message recipients base the validation on public keys published via DNS records, it’s important to be sure that data obtained through DNS queries is valid here DNSSEC takes to the field. When an email message is sent, the sending mail server cryptographically signs its contents using the private part of an asymmetric key and adds a reference back to the public part of the key, that is published under the DNS zone of the sending domain. I already talked about DNSSEC and tools to check the validity of domain names, many others blogged about DANE and TLSA validation support in browsers this time I would like to focus on DKIM and on a Thunderbird add-on to verify its signatures taking advantage of DNSSEC end-to-end validation.ĭKIM is a mechanism to build and verify a trust relationship between an email message and a domain name (usually the sender’s one). I’m happy to see that more and more tools are developed to increase the security level and trustworthiness of Internet applications.
0 Comments
Leave a Reply. |