1
Misc. Security Items
2
DKIM
3
DomainKeys Identified Mail (DKIM)
Developed at and patented by Yahoo!
Offers a way for a domain to claim responsibility for an e-mail
Uses public key cryptography
4
DKIM features
Body and selected headers can be covered by the DKIM signature
Signed portions of the e-mail are protected against tampering
Independent of SMTP: can survive relaying
5
DKIM problems
Signing and verifying are expensive operations
DKIM is done on the server, where resources may be limited
Many things can break the DKIM signature, e.g. encoding changes, automated footers
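The signing and verification described on the DKIM slides, as an added example that is not from the presentation: a simplified DKIM-like scheme in Go using ed25519 (an algorithm DKIM supports as ed25519-sha256) over a constructed message. It assumes a fixed list of covered headers, a simplified canonicalization rather than RFC 6376's, and a public key handed in directly instead of being fetched from DNS; it shows a relay-added header surviving and an automated footer breaking the signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Message is a minimal mail model (constructed for this example): header fields and a body.
type Message struct {
	Headers map[string]string
	Body    string
}
// SignedHeaders is the set of headers the signature covers (DKIM's h= tag); headers not
// listed here, such as Received lines added by relays, may change without breaking it.
var SignedHeaders = []string{"From", "To", "Subject"}

// canonicalize builds the bytes that get signed: selected headers in fixed order with lowercased
// names and trimmed values, then a hash of the body with trailing blank lines collapsed.
// This is a simplified stand-in for DKIM's "relaxed" canonicalization, not the RFC 6376 rules.
func canonicalize(m Message) []byte {
	var b strings.Builder
	for _, h := range SignedHeaders {
		b.WriteString(strings.ToLower(h) + ":" + strings.TrimSpace(m.Headers[h]) + "\r\n")
	}
	bodyHash := sha256.Sum256([]byte(strings.TrimRight(m.Body, "\r\n") + "\r\n"))
	b.Write(bodyHash[:])
	return []byte(b.String())
}

// Sign is the sending domain's MTA signing with the domain's private key.
func Sign(priv ed25519.PrivateKey, m Message) []byte { return ed25519.Sign(priv, canonicalize(m)) }
// Verify is the receiver's check. Real DKIM fetches the public key from a DNS TXT record
// under the signing domain; here it is passed in directly.
func Verify(pub ed25519.PublicKey, m Message, sig []byte) bool {
	return ed25519.Verify(pub, canonicalize(m), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	msg := Message{Headers: map[string]string{"From": "alice@example.org", "To": "bob@example.net",
		"Subject": "Meeting"}, Body: "See you at 10.\r\n"}
	sig := Sign(priv, msg)
	fmt.Println("original verifies:", Verify(pub, msg, sig))
	msg.Headers["Received"] = "from mx.example.org" // relay hop: not covered, still verifies
	fmt.Println("after relay header:", Verify(pub, msg, sig))
	msg.Body += "--\r\nSent via list.example.com\r\n" // automated footer: body hash changes
	fmt.Println("after footer:", Verify(pub, msg, sig))
}
```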
6
DKIM recommendations
DKIM is nice to implement if you have the resources
We will not be covering it in the lab
7
S/MIME
8
S/MIME
Secure Multipurpose Internet Mail Extensions
Public key cryptography
Supports signing and encryption of e-mail
Keys are tied to addresses and usually an identity
Performed by end-users
Supported by most clients
9
S/MIME
Uses certificate authorities, like TLS
CAs act as a trusted third party
Walk the certificate chain back to the CA to prove identity
To my knowledge, there is no central location to find a user's S/MIME public key
10
S/MIME
To sign mail, you must have a public/private key pair
To encrypt mail, you must have the recipient's public key
To verify an e-mail, you must have the sender's public key
11
PGP
12
Pretty Good Privacy
Public key cryptography
Performed by end users
Supports signing and encrypting
Keys are tied to addresses and usually an identity
Client support is not as common as S/MIME
13
Pretty Good Privacy
No central certificate authority
Relies on a 'web of trust' instead
GNU Privacy Guard (gpg) is the open-source equivalent
14
PGP: web of trust
If you trust someone you can sign their public key (e.g. after verifying their identity)
You have a list of keys you trust
Everyone you trust has a list of keys they trust, and so on
Trust can be established by finding a path of trust between two keys
Think seven degrees of Kevin Bacon
15
PGP: key servers
Public keys can be looked up using key servers, e.g. pgp.mit.edu
Allows out-of-band retrieval of keys
Public keys contain web of trust information
16
S/MIME and PGP recommendations
S/MIME and PGP only sign and encrypt the body of an e-mail; headers (e.g. To, From, Subject) are not encrypted
Only work if you communicate with other people who use it
If you lose the key, you lose access to all encrypted e-mail
Sometimes plausible deniability is a good thing
17
Other solutions
SpamAssassin: evaluates e-mail and scores the likelihood of it being spam
amavis, clamav: scan incoming e-mail for viruses
procmail: acts on e-mail (e.g. move, delete) based on header information; can use headers set by SPF, SpamAssassin, and antivirus