摘要
电子邮件是当今重要的通信工具,也是网络攻击的主要途径之一.由于近年来CA机构有意无意的证书误签发、邮件中间人降级攻击、基于DNS的域名实体认证协议DANE的提出,当前邮件协议的改进及邮件隐私和安全有了新进展.从邮件加密和验证角度梳理了当前广泛使用的邮件协议,分析了其优缺点,归纳了邮件协议的最新研究进展、DANE对当前邮件协议的改进及其不足,提出了基于DANE的安全邮件系统架构.最后对基于DANE的邮件系统的发展方向进行了总结与展望.
Email is today's important communication tool,but it is also one of the main ways of cyber attack.As a result of certificates mistakenly issued by CA agency,man-in-the-middle downgrade attack,and the proposal of DNS-based Authentication of Named Entities(DANE),new progress has been made on the improvement of the current email protocol and the security of email.This study combs the widely used email protocol from the point of view of email encryption and verification,analyzes its advantages and disadvantages,summarizes the latest research progress of email protocols and the improvement of current email protocol,and proposes a secure email system architecture based on DANE.Finally,the development direction of DANE-based email system is summarized and prospected.
作者
柏宗超
姚健康
孔宁
BAI Zong-Chao;YAO Jian-Kang;KONG Ning(Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190, China;China Interact Network Information Center, Beijing 100190, China;University of Chinese Academy of Sciences, Beijing 100049, China)
出处
《计算机系统应用》
2018年第7期71-77,共7页
Computer Systems & Applications
基金
发改委288域名安全专项~~
