In recent years the IETF has made a range of efforts to secure the email infrastructure and its use. Infrastructure protection includes source authentication with SPF (RFC 4408), message integrity authentication with DKIM (RFC 6376), and domain owner feedback on the effectiveness of these tools through DMARC (www.dmarc.org).
The move to secure the Domain Name System through DNSSEC (RFC 4033 et al.) has facilitated further improvements in email security. DANE (RFC 6698) describes TLSA resource records to authenticate X.509 certificates and keying material for Transport Layer Security (RFC 5246) trust anchors. This secures the integrity of end-to-end data transfer. Using the same DANE framework, SMIMEA associates an end user's certificate with a specific domain, to secure the authentication and encryption of email message content. A parallel move for OpenPGP secures an end user's raw keys, guaranteeing the authentication and encryption of email message content, and augmenting and ultimately replacing the Web of trust for key exchange.
Email transmission security is facilitated by the SPF/DKIM/DMARC, DANE and TLS protocols, and is a greater concern for email providers. Email content security is facilitated by SMIMEA with X.509 and by the OpenPGP protocols, and is a greater concern for email users.
The HAD secure email project at NIST is supporting the development of these initiatives by developing and deploying test infrastructure. Publicly accessible test systems are also available for DANE deployment.
Public feedback is encouraged, directed to the HAD project point of contact.
Questions or comments should be sent to the HAD Test Tool admin.
Date created 10/19/2016. Last updated 12/09/2016.