Domain-Based Email Authentication Using Public Keys Advertised in the DNS (DomainKeys)
RFC 4870
| Field | Value |
|---|---|
| Document type | RFC - Historic (May 2007; No errata) |
| Obsoleted by | RFC 4871 |
| Was | draft-delany-domainkeys-base (individual in sec area) |
| Author | Mark Delany |
| Last updated | 2018-12-20 |
| Stream | IETF |
| Formats | plain text, html, pdf, htmlized, bibtex |
| Reviews | (none) |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 4870 (Historic) |
| Consensus boilerplate | Unknown |
| Telechat date | (none) |
| Responsible AD | Russ Housley |
| Send notices to | MarkD@yahoo-inc.com |
Network Working Group                                          M. Delany
Request for Comments: 4870                                    Yahoo! Inc
Obsoleted By: 4871                                              May 2007
Category: Historic

Domain-Based Email Authentication Using Public Keys Advertised in the DNS (DomainKeys)

Status of This Memo

This memo defines a Historic Document for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The IETF Trust (2007).

Abstract

"DomainKeys" creates a domain-level authentication framework for email by using public key technology and the DNS to prove the provenance and contents of an email.

This document defines a framework for digitally signing email on a per-domain basis. The ultimate goal of this framework is to unequivocally prove and protect identity while retaining the semantics of Internet email as it is known today.

Proof and protection of email identity may assist in the global control of "spam" and "phishing".

Delany                        Historic                          [Page 1]
RFC 4870                      DomainKeys                        May 2007

Table of Contents

1. Introduction ....................................................3
   1.1. Lack of Authentication Is Damaging Internet Email ..........3
   1.2. Digitally Signing Email Creates Credible Domain
        Authentication .............................................4
   1.3. Public Keys in the DNS .....................................4
   1.4. Initial Deployment Is Likely at the Border MTA .............5
   1.5. Conveying Verification Results to MUAs .....................5
   1.6. Technical Minutiae Are Not Completely Covered ..............5
   1.7. Motivation .................................................6
   1.8. Benefits of DomainKeys .....................................6
   1.9. Definitions ................................................7
   1.10. Requirements Notation .....................................8
2. DomainKeys Overview .............................................8
3. DomainKeys Detailed View ........................................8
   3.1. Determining the Sending Address of an Email ................9
   3.2. Retrieving the Public Key Given the Sending Domain ........10
        3.2.1. Introducing "selectors" ............................10
        3.2.2. Public Key Signing and Verification Algorithm ......11
        3.2.3. Public Key Representation in the DNS ...............13
        3.2.4. Key Sizes ..........................................14
   3.3. Storing the Signature in the Email Header .................15
   3.4. Preparation of Email for Transit and Signing ..............17
        3.4.1. Preparation for Transit ............................18
        3.4.2. Canonicalization for Signing .......................18
               3.4.2.1. The "simple" Canonicalization Algorithm ...19
               3.4.2.2. The "nofws" Canonicalization Algorithm ....19
   3.5. The Signing Process .......................................20
        3.5.1. Identifying the Sending Domain .....................20
        3.5.2. Determining Whether an Email Should Be Signed ......21
        3.5.3. Selecting a Private Key and Corresponding
               Selector Information ...............................21
        3.5.4. Calculating the Signature Value ....................21
        3.5.5. Prepending the "DomainKey-Signature:" Header .......21
   3.6. Policy Statement of Sending Domain ........................22
   3.7. The Verification Process ..................................23
        3.7.1. Presumption that Headers Are Not Reordered .........24
        3.7.2. Verification Should Render a Binary Result .........24
        3.7.3. Selecting the Most Appropriate
               "DomainKey-Signature:" Header ......................24
        3.7.4. Retrieve the Public Key Based on the Signature
               Information ........................................26
        3.7.5. Verify the Signature ...............................27
        3.7.6. Retrieving Sending Domain Policy ...................27
        3.7.7. Applying Local Policy ..............................27
   3.8. Conveying Verification Results to MUAs ....................27
4. Example of Use .................................................29
   4.1. The User Composes an Email ................................29
   4.2. The Email Is Signed .......................................29
   4.3. The Email Signature Is Verified ...........................30
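The per-domain signing framework the Abstract describes, worked through end to end as an added example (this is not code from the RFC or from any DomainKeys implementation): the sending domain publishes an RSA public key in the DNS under a selector, signs the canonicalized message, and the verifier needs nothing but the domain and selector to fetch the key and check the signature. Assumptions, all mine: the DNS is replaced by an in-memory map so the program runs offline; the record owner name `<selector>._domainkey.<domain>` and the `k=rsa; p=<base64 key>` record shape follow the RFC, but the selector `s2007`, the domain `example.com` and the message are constructed; the `DomainKey-Signature:` header itself is not built, so the `d=` and `s=` values are passed to the verifier directly; and `canonicalize` is a simplified stand-in, not the RFC's "simple" or "nofws" algorithm.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// fakeDNS stands in for the DNS in this offline example: owner name -> TXT record.
type fakeDNS map[string]string

// publishKey is the sending domain's side: advertise the public key at
// <selector>._domainkey.<domain> as "k=rsa; p=<base64 SubjectPublicKeyInfo>".
func publishKey(dns fakeDNS, domain, selector string, pub *rsa.PublicKey) error {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return err
	}
	dns[selector+"._domainkey."+domain] = "k=rsa; p=" + base64.StdEncoding.EncodeToString(der)
	return nil
}

// lookupKey is the verifier's side: from the d= and s= values alone, fetch the
// record and parse its p= tag into an RSA public key.
func lookupKey(dns fakeDNS, domain, selector string) (*rsa.PublicKey, error) {
	txt, ok := dns[selector+"._domainkey."+domain]
	if !ok {
		return nil, errors.New("no key record for this selector and domain")
	}
	var p string
	for _, tag := range strings.Split(txt, ";") {
		if kv := strings.SplitN(strings.TrimSpace(tag), "=", 2); len(kv) == 2 && kv[0] == "p" {
			p = kv[1]
		}
	}
	der, err := base64.StdEncoding.DecodeString(p)
	if err != nil || p == "" {
		return nil, errors.New("record has no usable p= tag")
	}
	key, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return nil, err
	}
	pub, ok := key.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("record key is not RSA")
	}
	return pub, nil
}

// canonicalize: simplified stand-in (CRLF endings, trailing blank lines dropped).
// Not the RFC's "simple" or "nofws" algorithm.
func canonicalize(msg string) string {
	msg = strings.TrimRight(strings.ReplaceAll(msg, "\r\n", "\n"), "\n")
	return strings.ReplaceAll(msg, "\n", "\r\n") + "\r\n"
}

// sign produces the base64 signature value: RSA PKCS#1 v1.5 over SHA-1,
// the combination DomainKeys called "rsa-sha1".
func sign(priv *rsa.PrivateKey, msg string) (string, error) {
	h := sha1.Sum([]byte(canonicalize(msg)))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, h[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// verify resolves the key via selector and domain, then checks the signature
// over the canonicalized message. Any error means "not verified".
func verify(dns fakeDNS, domain, selector, msg, b64sig string) error {
	pub, err := lookupKey(dns, domain, selector)
	if err != nil {
		return err
	}
	sig, err := base64.StdEncoding.DecodeString(b64sig)
	if err != nil {
		return err
	}
	h := sha1.Sum([]byte(canonicalize(msg)))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA1, h[:], sig)
}

// roundTrip signs a constructed message and reports whether the genuine copy
// verifies and whether a one-character change to the body still verifies.
func roundTrip() (genuineOK, tamperedOK bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	dns := fakeDNS{}
	if err = publishKey(dns, "example.com", "s2007", &priv.PublicKey); err != nil {
		return false, false, err
	}
	msg := "From: alice@example.com\r\nSubject: invoice\r\n\r\nPlease pay invoice 42.\r\n"
	b, err := sign(priv, msg)
	if err != nil {
		return false, false, err
	}
	genuineOK = verify(dns, "example.com", "s2007", msg, b) == nil
	tamperedOK = verify(dns, "example.com", "s2007", strings.Replace(msg, "42", "43", 1), b) == nil
	return genuineOK, tamperedOK, nil
}

func main() {
	ok, tampered, err := roundTrip()
	fmt.Println("genuine verifies:", ok, "tampered verifies:", tampered, "err:", err)
}
```

The point to take from the example is the trust model, not the crypto: the verifier trusts whatever key the DNS hands back for that owner name, so control of the zone (or of an unsigned DNS answer on the path) is control of the signature. Note also that rsa-sha1 is what this Historic document specified; it was obsoleted by RFC 4871 (DKIM), and SHA-1 signatures should not be used in new deployments.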