Highlighting the problems and security holes in current mail systems, the team from the National Institute of Standards and Technology (NIST), part of the US Department of Commerce, argues that a new set of security protocols built around the domain name system can provide a much higher level of security for electronic messages.
Broadly, the idea is to allow for two types of email: signed and unsigned. Unsigned email would be secured using the current standard for secure email, Transport Layer Security (TLS).
TLS would be used between email servers, while the new DANE security protocol (short for "DNS-based Authentication of Named Entities") and the existing DNSSEC protocol would be used to protect the TLS keys.
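How a sending mail server could check a receiving server's TLS credentials against DANE records, as an added example that is not taken from the article or the NIST paper. It handles only DANE-EE (usage 3) TLSA records as defined in RFC 6698; the function names, the `dnssec_validated` flag and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac

def tlsa_owner(host, port=25, proto="tcp"):
    """DNS name under which the TLSA records for a service are published."""
    return f"_{port}._{proto}.{host.rstrip('.')}."

def parse_tlsa(rdata):
    """Parse presentation format: '<usage> <selector> <matching-type> <hex>'."""
    usage, selector, mtype, *hexparts = rdata.split()
    return int(usage), int(selector), int(mtype), bytes.fromhex("".join(hexparts))

def tlsa_matches(rdata, cert_der, spki_der):
    """Check one TLSA record against what the server presented in TLS."""
    usage, selector, mtype, data = parse_tlsa(rdata)
    if usage != 3:                      # only DANE-EE is handled in this example
        return False
    # Selector 0 pins the whole certificate, selector 1 only the public key.
    selected = {0: cert_der, 1: spki_der}.get(selector)
    if selected is None:
        return False
    if mtype == 0:                      # exact match on the raw bytes
        candidate = selected
    elif mtype == 1:
        candidate = hashlib.sha256(selected).digest()
    elif mtype == 2:
        candidate = hashlib.sha512(selected).digest()
    else:
        return False
    return hmac.compare_digest(candidate, data)

def dane_verify(rrset, dnssec_validated, cert_der, spki_der):
    """Return 'no-dane', 'pass' or 'fail' for a server's TLS credentials."""
    # TLSA answers that were not DNSSEC-validated carry no authority and are
    # ignored, which is why DANE depends on DNSSEC to protect the TLS keys.
    if not dnssec_validated or not rrset:
        return "no-dane"
    matched = any(tlsa_matches(r, cert_der, spki_der) for r in rrset)
    return "pass" if matched else "fail"

# Constructed stand-ins for the DER bytes a TLS library would supply.
CERT = b"constructed-leaf-certificate"
SPKI = b"constructed-subject-public-key-info"
GOOD = f"3 1 1 {hashlib.sha256(SPKI).hexdigest()}"

if __name__ == "__main__":
    print(tlsa_owner("mx.example.com"), dane_verify([GOOD], True, CERT, SPKI))
```

A `fail` result means the server's key does not match what the domain published, so the sender should not deliver over that connection.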
The signed version would use the same system, but add in S/MIME on the end user's client device, again protected by DANE and DNSSEC. The related white paper [PDF] comes with a handy picture: