第八讲 电子的邮件安全.ppt

DKIM（DomainKeys Identified Mail） 是一种电子邮件的验证技术，在2007年2月时，DKIM被列入互联网工程工作小组（IETF）的标准提案（Proposed Standard），并于同年5月成为正式标准（Standards Track）。RFC6376 DKIM 举例 * S/MIME secures a MIME entity with a signature, encryption, or both. A MIME entity may be an entire message or one or more of the subparts of the message. The MIME entity plus some security related data, such as algorithm identifiers and certificates, are processed by S/MIME to produce a PKCS, which refers to a set of public-key cryptography specifications issued by RSA Laboratories. A PKCS object is then treated as message content and wrapped in MIME. A range of S/MIME content-types are specified, as shown. See text for details of how these are used. * S/MIME uses public-key certificates that conform to version 3 of X.509 (see Chapter 4). The key-management scheme used by S/MIME is in some ways a hybrid between a strict X.509 certification hierarchy and PGP’s web of trust. S/MIME managers and/or users must configure each client with a list of trusted keys and with certificate revocation lists, needed to verify incoming signatures and to encrypt outgoing messages. But certificates are signed by trusted certification authorities. * There are several companies that provide X.509 certification authority (CA) services. Of these, the most widely used is the VeriSign CA service. VeriSign issues X.509 certificates known as Digital IDs. As of early 1998, over 35,000 commercial Web sites were using VeriSign Server Digital IDs, and over a million consumer Digital IDs had been issued to users of Netscape and Microsoft browsers. VeriSign provides three levels, or classes, of security for public-key certificates, with increasing levels of checks hence trust, as shown above, and with additional details in Stallings Table 18.8. Class 1 and Class 2 requests are processed on line, and in most cases take only a few seconds to approve. For Class 3 Digital IDs, VeriSign requires a higher level of identity assurance. An individual must