Domain keys
Posted: 2022-04-20 07:35
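5 answers in total
Helpful user
Time: 2022-05-12 22:51
This is a new technology that is based on PKI but is not traditional PKI encryption and decryption, and it has not yet become a global security standard. So it is hard for me to explain exactly how it does VERIFY DIGITAL SIGNATURE.
I'll just give you the official explanation instead. Consider it my way of picking up 2 points.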
Yahoo! Anti-Spam Resource Center
DomainKeys: Proving and Protecting Email Sender Identity
Email spoofing - the forging of another person's or company's email address to get users to trust and open a message - is one of the biggest challenges facing both the Internet community and anti-spam technologists today. Without sender authentication, verification, and traceability, email providers can never know for certain if a message is legitimate or forged and will therefore have to continually make educated guesses on behalf of their users on what to deliver, what to block, and what to quarantine, in the pursuit of the best possible user experience.
DomainKeys is a technology proposal that can bring black and white back to this decision process by giving email providers a mechanism for verifying both the domain of each email sender and the integrity of the messages sent (i.e., that they were not altered during transit). And, once the domain can be verified, it can be compared to the domain used by the sender in the From: field of the message to detect forgeries. If it's a forgery, then it's spam or fraud, and it can be dropped without impact to the user. If it's not a forgery, then the domain is known, and a persistent reputation profile can be established for that sending domain that can be tied into anti-spam policy systems, shared between service providers, and even exposed to the user.
For well-known companies that commonly send transactional email to consumers, such as banks, utilities, and ecommerce services, the benefits of verification are more profound, as it can help them protect their users from "phishing attacks" - the fraudulent solicitation for account information, such as credit card numbers and passwords, by impersonating the domain and email content of a company to which users have entrusted the storage of these data. For these companies, protecting their users from fraud emails translates directly into user protection, user satisfaction, reduced customer care costs, and brand protection.
For consumers, such as Yahoo! Mail users or a grandparent accessing email through a small mid-western ISP, industry support for sender authentication technologies will mean that they can start trusting email again, and it can resume its role as one of the most powerful communication tools of our times.
Standardization and License Terms
DKIM is the result of the ongoing commitment from numerous industry players to develop an open-standard e-mail authentication specification, and industry collaboration has played a critical role in the process. Industry leaders who played a valuable role in furthering the development of the DKIM specification include Alt-N Technologies, AOL, Brandenburg Internetworking, Cisco, EarthLink, IBM, Microsoft, PGP Corporation, Sendmail, StrongMail Systems, Tumbleweed, VeriSign and Yahoo!. The participation of these companies has been instrumental in creating this single, signature-based e-mail authentication proposal. The authoring companies will continue to work with these organizations and the IETF on the standardization of the DomainKeys Identified Mail (DKIM) specification so that industry-wide agreement on the best method for validating the identification of email senders can be reached. DomainKeys Identified Mail has begun advancing through the IETF Internet standards process to be ultimately approved as an IETF Internet Standard.
For historical reference, Yahoo! has submitted the DomainKeys framework as an Internet-Draft entitled "draft-delany-domainkeys-base-03.txt". Yahoo!'s DomainKeys Intellectual Property may be licensed under either of the following terms:
Yahoo! DomainKeys Patent License Agreement
GNU General Public License version 2.0 (and no other version).
Yahoo!'s DomainKeys Intellectual Property includes the following patent(s) and patent application(s).
U.S. Patent Number 6,986,049, issued January 10, 2006
U.S. Patent Application Serial Number 10/805,181, filed March 19, 2004
PCT Application PCT/US2004/007883, filed March 15, 2004
PCT Application PCT/US2005/008656, filed March 15, 2005
In accordance with RFC2026, Yahoo! has also submitted the above license statement to the IETF as an IPR Disclosure.
Reference Implementation
In addition to the Internet-Draft, Yahoo! has developed a reference implementation for DomainKeys that can be plugged into Message Transfer Agents (MTAs), such as qmail. A version of this software has been released and is available at http://domainkeys.sourceforge.net/. Sendmail has developed a DomainKey implementation for their popular MTA (both the commercial and freeware versions). In fact, Sendmail, Inc. has released an open source implementation of the Yahoo! DomainKeys specification for testing on the Internet and is actively seeking participants and feedback for this Pilot Program.
How DomainKeys Works
How it Works - Sending Servers
There are two steps to signing an email with DomainKeys:
Set up: The domain owner (typically the team running the email systems within a company or service provider) generates a public/private key pair to use for signing all outgoing messages (multiple key pairs are allowed). The public key is published in DNS, and the private key is made available to their DomainKey-enabled outbound email servers. This is step "A" in the diagram to the right.
Signing: When each email is sent by an authorized end-user within the domain, the DomainKey-enabled email system automatically uses the stored private key to generate a digital signature of the message. This signature is then pre-pended as a header to the email, and the email is sent on to the target recipient's mail server. This is step "B" in the diagram to the right.
How it Works - Receiving Servers
There are three steps to verifying a signed email:
Preparing: The DomainKeys-enabled receiving email system extracts the signature and claimed From: domain from the email headers and fetches the public key from DNS for the claimed From: domain. This is step "C" in the diagram to the right.
Verifying: The public key from DNS is then used by the receiving mail system to verify that the signature was generated by the matching private key. This proves that the email was truly sent by, and with the permission of, the claimed sending From: domain and that its headers and content weren't altered during transfer.
Delivering: The receiving email system applies local policies based on the results of the signature test. If the domain is verified and other anti-spam tests don't catch it, the email can be delivered to the user's inbox. If the signature fails to verify, or there isn't one, the email can be dropped, flagged, or quarantined. This is step "D" in the diagram on the right.
In general, Yahoo! expects that DomainKeys will be verified by the receiving email servers. However, end-user mail clients could also be modified to verify signatures and take action on the results.
Frequently Asked Questions
How will this help stop spam?
How will this help stop fraud/phishing attacks?
Won't spammers just sign their messages with DomainKeys?
What does DomainKeys verify?
Why sign the entire message?
Does DomainKeys encrypt each message?
What public/private key technology is used for DomainKeys?
Who issues the public/private key pairs required by DomainKeys?
Does DomainKeys require signing of the public key by a Certificate Authority (CA)?
How are DomainKeys revoked?
Why not just use S/MIME?
How does DomainKeys work with mailing lists?
Who implements DomainKeys?
Which mail transfer agents (MTAs) support DomainKeys?
How do I deploy DomainKeys?
I don't use my domain's SMTP server to send email. How do I use DomainKeys?
How can I send you feedback?
How will this help stop spam?
Several ways. First, it can allow receiving companies to drop or quarantine unsigned email that comes from domains that are known to always sign their emails with DomainKeys, thus impacting spam and phishing attacks. Second, the ability to verify sender domain will allow email service providers to begin to build reputation databases that can be shared with the community and also applied to spam policy. For example, one ISP could share their "spam vs. legit email ratio" for the domain www.example.com with other ISPs that may not yet have built up information about the credibility and "spamminess" of email coming from www.example.com. Last, by eliminating forged From: addresses, we can bring server-level traceability back to email (not user-level - we believe that should be a policy of the provider and the choice of the user). Spammers don't want to be traced, so they will be forced to only spam companies that aren't using verification solutions.
How will this help stop fraud/phishing attacks?
Companies that are susceptible to phishing attacks can sign all of their outgoing emails with DomainKeys and then tell the world this policy so that email service providers can watch and drop any messages that claim to come from their domain that are unsigned. For example, if the company www.example.com signs all of its outgoing email with DomainKeys, Yahoo! can add a filter to its SpamGuard system that drops any unsigned or improperly signed messages claiming to come from the domain www.example.com, thus protecting tens of millions of example.com's customers or prospective customers from these phishing attacks.
Won't spammers just sign their messages with DomainKeys?
Hopefully! If they do, they'll make it easier for the Internet community to isolate and drop/quarantine their messages using the methods described above in "How will this help stop spam?" Eliminating the uncertainty of "did this email really come from the domain example.com?" will facilitate a whole range of anti-spam solutions.
What does DomainKeys verify?
DomainKeys examines the From: and Sender: headers' domain to protect the user and deliver the best possible user experience. Desktop mail clients like Microsoft Outlook show these headers in their user interfaces. If the user establishes their trust based on these domains, then so should any system built to verify whether that trust is warranted.
Why sign the entire message?
DomainKeys signs the entire message to allow the receiving server to also verify that the message wasn't tampered with or altered in transit. By signing the headers and the body, DomainKeys makes it impossible to reuse parts of a message from a trusted source to fool users into believing the email is from that source.
Does DomainKeys encrypt each message?
DomainKeys does not encrypt the actual message - it only pre-pends a "digital signature" as a header.
What public/private key technology is used for DomainKeys?
DomainKeys currently uses an RSA public/private key method. The key length is decided by the domain owner.
Who issues the public/private key pairs required by DomainKeys?
The domain owner, or an agent or service provider acting on their behalf, should generate the key pairs that are used for their DomainKeys-enabled mail system.
Does DomainKeys require signing of the public key by a Certificate Authority (CA)?
DomainKeys does not require a CA. Much like a trusted Notary Public, Certificate Authorities are used in public/private key systems to sign, or "endorse," public keys so that the external users of public keys can know that the public keys they receive are truly owned by the people who sent them. Since DomainKeys leverages DNS as the public key distribution system, and since only a domain owner can publish to their DNS, external users of DomainKeys know that the public key they pull is truly for that domain. The CA is not needed to verify the owner of the public key - the presence in that domain's DNS is the verification. However, it is possible that Certificate Authorities may become a valuable addition to the DomainKeys solution to add an even greater level of security and trust.
How are DomainKeys revoked?
DomainKeys allows for multiple public keys to be published in DNS at the same time. This allows companies to use different key pairs for the various mail servers they run and also to easily revoke, replace, or expire keys at their convenience. Thus, the domain owner may revoke a public key and shift to signing with a new pair at any time.
Why not just use S/MIME?
S/MIME was developed for user-to-user message signing and encryption and by design should be independent of the sending and receiving servers. We believe that DomainKeys should be a natural server-to-server complement to S/MIME and not a replacement. Additionally, since S/MIME is used by many security-conscious industries, we need to ensur
References: yahoo.com&google.com
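The sending step "B" and receiving steps "C" and "D" described in the answer above, as an added example that is not part of the original post or of Yahoo!'s reference implementation. It uses the `DomainKey-Signature` header and the `selector._domainkey.domain` DNS name from the DomainKeys draft; the textbook-RSA key over two Mersenne primes, the hex `p=` record, the mock `DNS` dict, the `always_sign` set and the rule that the signature header is the first line are assumptions made so the example runs on the standard library.

```python
import base64, hashlib
from email import message_from_string
from email.utils import parseaddr

# Constructed toy key: textbook RSA over two Mersenne primes, standing in for a
# real RSA key pair (no padding scheme) so the example needs no extra packages.
E = 65537
N = (2**127 - 1) * (2**521 - 1)
D = pow(E, -1, (2**127 - 2) * (2**521 - 2))
HDR = "DomainKey-Signature"

def digest(text):
    return int.from_bytes(hashlib.sha1(text.encode()).digest(), "big")

def sign(raw, domain, selector):
    """Step B: prepend a signature header that covers everything below it."""
    sig = pow(digest(raw), D, N).to_bytes(81, "big")
    b = base64.b64encode(sig).decode()
    return f"{HDR}: a=rsa-sha1; q=dns; c=simple; s={selector}; d={domain}; b={b}\n{raw}"

def verify(raw, dns):
    """Step C and the check: 'pass', 'fail' or 'unsigned' for the From: domain."""
    first, _, signed = raw.partition("\n")
    if not first.startswith(HDR + ":"):
        return "unsigned"
    fields = first[len(HDR) + 1:].split(";")
    tags = dict(f.strip().split("=", 1) for f in fields if "=" in f)
    sender = parseaddr(message_from_string(signed)["From"] or "")[1]
    from_domain = sender.rpartition("@")[2].lower()
    if not from_domain or tags.get("d", "").lower() != from_domain:
        return "fail"                    # signer is not the claimed From: domain
    txt = dns.get(f"{tags.get('s')}._domainkey.{from_domain}")
    if txt is None:
        return "fail"                    # key never published, or revoked
    n = int(txt.split("p=", 1)[1], 16)   # toy record: modulus as hex, not DER
    try:
        sig = int.from_bytes(base64.b64decode(tags.get("b", ""), validate=True), "big")
    except ValueError:
        return "fail"                    # signature value is not valid base64
    return "pass" if pow(sig, E, n) == digest(signed) else "fail"

def disposition(result, from_domain, always_sign):
    """Step D: local policy applied to the signature test result."""
    if result == "pass":
        return "deliver"
    return "drop" if from_domain in always_sign else "quarantine"

# Constructed sample data: a mock DNS zone and one outgoing message.
DNS = {"sel1._domainkey.example.com": f"k=rsa; p={N:x}"}
MAIL = "From: Billing <billing@example.com>\nSubject: Invoice\n\nAmount due: 10\n"
SIGNED = sign(MAIL, "example.com", "sel1")
```

Removing the selector's record from the mock zone makes a previously valid message fail, which is the revocation behaviour the FAQ describes.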
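Helpful user
Time: 2022-05-13 00:09
DomainKey uses the email headers to attach the signature information, while the public key is published through that domain's server. For example, if the IP corresponding to UPS is such-and-such, the receiving server will query that IP to verify whether a message claiming to come from WEBB@UPS.COM really matches UPS's signature*.
As anyone familiar with electronic signature law knows, the public key can be distributed in all sorts of ways, as long as its private key is kept strictly secret.
That's a little summary of DomainKey.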
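Helpful user
Time: 2022-05-13 01:44
A domain key (for .com, .cn, etc.) is used to cryptographically sign the domain's own data and the keys of its subdomains, and so on down the hierarchy. For example, the name servers for nsfocus.com are signed by the .com domain key, and the nsfocus.com domain key is in turn used to cryptographically sign the www.nsfocus.com domain name.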
Helpful user
Time: 2022-05-13 03:35
cvhfffffffffffffffffffffffffffffffffffffffffffffffffff
References: jfhjr
Helpful user
Time: 2022-05-13 05:43
This is so hard.