Open encryption to combat spam and phishing

Two separate initiatives around open encryption standards could help improve e-commerce security and reduce online fraud

Open standards consortium Oasis has announced a scheme to push its public key infrastructure work.

The organisation has formed a group — the IDtrust member section — which will seek to promote greater understanding and use of public key infrastructure standards, technologies, policies and practices, according to Oasis.

"IDtrust will advance standards that provide the basic security necessary for carrying out electronic business," said June Leung, chair of the steering committee for the Oasis IDtrust Member Section. "These standards make it possible for parties who do not know one another or who are widely distributed to communicate securely by adopting a chain of trust."

A public key infrastructure (PKI) attaches public keys to user identities through a certificate authority. Oasis IDtrust members will identify PKI trust assurance and standardisation policies, and will catalogue implementation projects, publish adoption reports and conduct studies on the costs, benefits and risk management of PKIs.

"The US federal government has been working for years to develop standards, procedures and guidelines for implementing e-identity management services that can ensure trusted, secure transactions over the internet. IDtrust will help accomplish that mission," said Peter Alterman, assistant chief information officer at the US National Institutes of Health.

Open standards encryption specifications also received a boost this week with the release of an email encryption specification by the Internet Engineering Task Force (IETF), an open community concerned with the evolution of internet architecture.

The specification, DomainKeys Identified Mail (DKIM), defines a domain-level authentication framework for email, using public-key cryptography and key server technology to permit verification of the source and contents of messages. IETF said that protection of email identity may assist in the fight against spam and phishing.