Email authentication: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>David MacQuigg
mNo edit summary
imported>David MacQuigg
mNo edit summary
Line 1: Line 1:
{{subpages}}
{{subpages}}


This article is a [[CZ:Related articles|subtopic]] in a cluster of articles under [[Email system]].  We assume the reader understands the parent article, its terminology, and the roles of different Agents in the system.  We will use use upper case to highlight words like "Agent" that have a specific definition in this cluster of articles, and lowercase, like "sender" for words whose definition can vary with context.
This article is a [[CZ:Related articles|subtopic]] in a group of articles under [[Email system]].  We assume the reader understands the parent article, its terminology, and the roles of different Agents in the system.  We will use use upper case to highlight words like "Agent" that have a specific definition in this cluster of articles, and lowercase, like "sender" for words whose definition can vary with context.


Email authentication methods fall into two categories.  Methods like SPF, SenderID, and CSV rely on the fact that certain IP addresses are firmly under the control of a sender (an individual or organization identified by its domain name).  Methods like DKIM rely on a digital signature verifying the entire message and most of its headers.  Both depend on the security of [[DNS]]. The assumption is that only the domain owner has access to the DNS records under his name.  With IP-based methods, the sender publishes in DNS the IP addresses authorized to use his domain name.  With signature-based methods, the sender publishes a public key.  IP methods can be very efficient, rejecting an entire session without transferring any messages. End-to-end signature methods can be very secure, even with an un-trusted Forwarder in the middle.
Email authentication methods fall into two categories.  Methods like SPF, SenderID, and CSV rely on the fact that certain IP addresses are firmly under the control of a sender (an individual or organization identified by its domain name).  Methods like DKIM rely on a digital signature verifying the entire message and most of its headers.  Both depend on the security of [[DNS]]. The assumption is that only the domain owner has access to the DNS records under his name.  With IP-based methods, the sender publishes in DNS the IP addresses authorized to use his domain name.  With signature-based methods, the sender publishes a public key.  IP methods can be very efficient, rejecting an entire session without transferring any messages. End-to-end signature methods can be very secure, even with an un-trusted Forwarder in the middle.

Revision as of 20:37, 25 November 2008

This article is a stub and thus not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and subject to a disclaimer.

This article is a subtopic in a group of articles under Email system. We assume the reader understands the parent article, its terminology, and the roles of different Agents in the system. We will use use upper case to highlight words like "Agent" that have a specific definition in this cluster of articles, and lowercase, like "sender" for words whose definition can vary with context.

Email authentication methods fall into two categories. Methods like SPF, SenderID, and CSV rely on the fact that certain IP addresses are firmly under the control of a sender (an individual or organization identified by its domain name). Methods like DKIM rely on a digital signature verifying the entire message and most of its headers. Both depend on the security of DNS. The assumption is that only the domain owner has access to the DNS records under his name. With IP-based methods, the sender publishes in DNS the IP addresses authorized to use his domain name. With signature-based methods, the sender publishes a public key. IP methods can be very efficient, rejecting an entire session without transferring any messages. End-to-end signature methods can be very secure, even with an un-trusted Forwarder in the middle.