Open encryption to combat spam and phishing

Open encryption to combat spam and phishing

Summary: Two separate initiatives around open encryption standards could help improve e-commerce security and reduce online fraud

TOPICS: Security

Open standards consortium Oasis has announced a scheme to push its public key infrastructure work.

The organisation has formed a group — the IDtrust member section — which will seek to promote greater understanding and use of public key infrastructure standards, technologies, policies and practices, according to Oasis.

"IDtrust will advance standards that provide the basic security necessary for carrying out electronic business," said June Leung, chair of the steering committee for the Oasis IDtrust Member Section. "These standards make it possible for parties who do not know one another or who are widely distributed to communicate securely by adopting a chain of trust."

A public key infrastructure (PKI) attaches public keys to user identities through a certificate authority. Oasis IDtrust members will identify PKI trust assurance and standardisation policies, and will catalogue implementation projects, publish adoption reports and conduct studies on the costs, benefits and risk management of PKIs.

"The US federal government has been working for years to develop standards, procedures and guidelines for implementing e-identity management services that can ensure trusted, secure transactions over the internet. IDtrust will help accomplish that mission," said Peter Alterman, assistant chief information officer at the US National Institutes of Health.

Open standards encryption specifications also received a boost this week with the release of an email encryption specification by the Internet Engineering Task Force (IETF), an open community concerned with the evolution of internet architecture.

The specification, DomainKeys Identified Mail (DKIM), defines a domain-level authentication framework for email, using public-key cryptography and key server technology to permit verification of the source and contents of messages. IETF said that protection of email identity may assist in the fight against spam and phishing.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion