
DomainKeys Identified Mail (DKIM)

D. Crocker ~ bbiw.net
dkim.org

• Consortium spec
  Derived from Yahoo DomainKeys and Cisco Identified Internet Mail
• IETF published revision – RFC 4871

Allows an organization to claim responsibility for transmitting a message, in a way that can be validated by a recipient

• Validate identifier and msg data integrity
  - DNS identifiers
  - Public keys in DNS
• End-to-end
  - Between origin/receiver administrative domains
  - Not path-based

DKIM Goals

• Based on message content, itself
  - Not related to path
• Transparent to end users
  - No client User Agent upgrades required
  - But extensible to per-user signing
• Allow signature delegation
  - Outsourcing
• Low development, deployment, use costs
  - Avoid large PKI, new Internet services
  - No trusted third parties (except DNS)

D. Crocker DKIM Teaser 2


Technical High-points

• Signs body and selected parts of header
• Signature transmitted in DKIM-Signature: header
• Public key stored in DNS
  - In _domainkey subdomain
  - Uses TXT RR
• Namespace divided using selectors
  - Allows multiple keys for aging, delegation, etc.
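
An added example (not from the slides) of how a verifier gets from a DKIM-Signature: header to the selector-specific TXT record under _domainkey, and how a retired selector shows up in that record. The tag names (v=, a=, b=, bh=, d=, h=, s=, p=) come from RFC 4871 rather than the slides; the domain, selector, and base64 values are constructed samples.

```python
import re

# Constructed sample header value (not from the slides); tag names per RFC 4871.
SAMPLE_SIG = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel2024;\r\n"
    "\th=from:to:subject:date; bh=Y29uc3RydWN0ZWQ=;\r\n"
    "\tb=c2FtcGxl\r\n\t c2lnbmF0dXJl"
)
# Constructed key records, as they would be returned in a TXT RR.
SAMPLE_KEY = "v=DKIM1; k=rsa; p=TUlHZk1BMEdDU3FHU0li"
REVOKED_KEY = "v=DKIM1; p="


def parse_tag_list(value):
    """Parse a 'tag=value; tag=value' list into a dict, rejecting duplicates."""
    unfolded = re.sub(r"\r?\n(?=[ \t])", "", value)  # undo header folding
    tags = {}
    for item in unfolded.split(";"):
        if not item.strip():
            continue  # a trailing ';' is allowed
        name, sep, val = item.partition("=")
        name = name.strip()
        if not sep or not name or name in tags:
            raise ValueError(f"malformed or duplicate tag: {item!r}")
        tags[name] = val.strip()
    return tags


def key_query_name(sig_value):
    """Return the DNS name whose TXT RR holds the signer's public key."""
    tags = parse_tag_list(sig_value)
    missing = {"v", "a", "b", "bh", "d", "h", "s"} - tags.keys()
    if missing:
        raise ValueError(f"required tags missing: {sorted(missing)}")
    if "from" not in [h.strip().lower() for h in tags["h"].split(":")]:
        raise ValueError("From header is not covered by the signature")
    return f"{tags['s']}._domainkey.{tags['d']}"


def key_is_usable(txt_record):
    """False when the record is not a DKIM key or the key was revoked."""
    tags = parse_tag_list(txt_record)
    if tags.get("v", "DKIM1") != "DKIM1":
        return False
    # An empty p= means the key has been revoked (selector aged out).
    return bool(re.sub(r"\s", "", tags.get("p", "")))
```

Because each selector maps to its own DNS name, a signer can publish a new key under a new selector and later empty the old record's p= value without disturbing mail signed with the current key.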
