Open encryption to combat spam and phishing

Summary:Two separate initiatives around open encryption standards could help improve e-commerce security and reduce online fraud

Open standards consortium Oasis has announced a scheme to push its public key infrastructure work.

The organisation has formed a group — the IDtrust member section — which will seek to promote greater understanding and use of public key infrastructure standards, technologies, policies and practices, according to Oasis.

"IDtrust will advance standards that provide the basic security necessary for carrying out electronic business," said June Leung, chair of the steering committee for the Oasis IDtrust Member Section. "These standards make it possible for parties who do not know one another or who are widely distributed to communicate securely by adopting a chain of trust."

A public key infrastructure (PKI) attaches public keys to user identities through a certificate authority. Oasis IDtrust members will identify PKI trust assurance and standardisation policies, and will catalogue implementation projects, publish adoption reports and conduct studies on the costs, benefits and risk management of PKIs.

"The US federal government has been working for years to develop standards, procedures and guidelines for implementing e-identity management services that can ensure trusted, secure transactions over the internet. IDtrust will help accomplish that mission," said Peter Alterman, assistant chief information officer at the US National Institutes of Health.

Open standards encryption specifications also received a boost this week with the release of an email encryption specification by the Internet Engineering Task Force (IETF), an open community concerned with the evolution of internet architecture.

The specification, DomainKeys Identified Mail (DKIM), defines a domain-level authentication framework for email, using public-key cryptography and key server technology to permit verification of the source and contents of messages. IETF said that protection of email identity may assist in the fight against spam and phishing.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.