
[The Register] Next-gen Secure Email Using Internet's Own DNS



Post by parityboy » Tue Aug 04, 2015 4:44 pm

Highlighting the problems and security holes associated with current mail systems, the team from the National Institute of Standards and Technology (NIST), a subset of the US Department of Commerce, argues that by using a new set of security protocols built around the domain name system, it is possible to provide a much higher level of security in electronic messages.

Broadly, the idea is to allow for two types of email: signed and unsigned. Unsigned email would be secured using the current standard for secure email, Transport Layer Security (TLS).

TLS would be used between email servers, then the new DANE security protocol (stands for "DNS-based Authentication of Named Entities") and the existing DNSSEC protocol would be used to protect the TLS keys.

The signed version would use the same system, but add in S/MIME on the end user's client device, again protected by DANE and DNSSEC. The related white paper [PDF] comes with a handy picture:

[Image: picture from the white paper]

Source
Attachments
NCCoE_DNS-Based_Secure_E-Mail_BB.pdf
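
The check the excerpt attributes to DANE and DNSSEC, as an added example that is not part of the original post or the NIST paper: it matches a server's certificate against TLSA records in the RFC 6698 format and ignores them unless the DNS answer was DNSSEC-validated. The function names, verdict strings and sample bytes are constructed for illustration, and only usage 3 (DANE-EE) is handled.

```python
import hashlib
import hmac

# Matching types (RFC 6698): 0 = exact bytes, 1 = SHA-256, 2 = SHA-512.
MATCHERS = {
    0: lambda data: data,
    1: lambda data: hashlib.sha256(data).digest(),
    2: lambda data: hashlib.sha512(data).digest(),
}

def parse_tlsa(rdata):
    """Parse TLSA presentation format: 'usage selector mtype hexdata'."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("TLSA rdata needs usage, selector, mtype and data")
    usage, selector, mtype = (int(f) for f in fields[:3])
    return usage, selector, mtype, bytes.fromhex("".join(fields[3:]))

def tlsa_matches(rdata, cert_der, spki_der):
    """True if a usage-3 (DANE-EE) record matches the presented certificate."""
    try:
        usage, selector, mtype, expected = parse_tlsa(rdata)
    except ValueError:
        return False                      # malformed record: unusable
    if usage != 3 or mtype not in MATCHERS:
        return False                      # other usages need chain building
    # Selector 0 covers the whole certificate, 1 only SubjectPublicKeyInfo.
    presented = {0: cert_der, 1: spki_der}.get(selector)
    if presented is None:
        return False
    return hmac.compare_digest(MATCHERS[mtype](presented), expected)

def dane_verdict(tlsa_rrset, dnssec_validated, cert_der, spki_der):
    """Decide whether the server's TLS key is the one its domain published."""
    if not tlsa_rrset:
        return "no-dane"
    if not dnssec_validated:
        return "ignored-insecure"         # unsigned TLSA data proves nothing
    if any(tlsa_matches(r, cert_der, spki_der) for r in tlsa_rrset):
        return "authenticated"
    return "mismatch"

# Constructed placeholder bytes standing in for real DER encodings.
CERT = b"constructed-certificate-der"
SPKI = b"constructed-subject-public-key-info-der"
RRSET = ["3 1 1 " + hashlib.sha256(SPKI).hexdigest()]

if __name__ == "__main__":
    print(dane_verdict(RRSET, True, CERT, SPKI))
    print(dane_verdict(RRSET, False, CERT, SPKI))
```

In a real client the `dnssec_validated` flag would come from a validating resolver and the DER bytes from the TLS handshake.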