I'm happy to see that more and more tools are developed to increase the security level and trustworthiness of Internet applications. I already talked about DNSSEC and tools to check the validity of domain names, and many others blogged about DANE and TLSA validation support in browsers; this time I would like to focus on DKIM and on a Thunderbird add-on that verifies its signatures taking advantage of DNSSEC end-to-end validation.

DKIM is a mechanism to build and verify a trust relationship between an email message and a domain name (usually the sender's one). When an email message is sent, the sending mail server cryptographically signs its contents using the private part of an asymmetric key and adds a reference back to the public part of the key, which is published under the DNS zone of the sending domain. Since message recipients base the validation on public keys published via DNS records, it's important to be sure that data obtained through DNS queries is valid; this is where DNSSEC comes into play. Validation may occur either in the email server which holds the recipient's mailbox or in the email client running on a user's device: in the first case a local policy (or a DMARC policy, but this is off-topic for this post) defines what to do with the message (drop it, mark it as spam, …); in the second case the user's client can show a warning if signature validation fails or a confirmation message if everything is fine.

I came across DKIM Verifier, an interesting add-on for Mozilla Thunderbird that checks DKIM signatures on the client side and supports a DNSSEC backend to ensure end-to-end DNS security. I tested the Windows version with good results. The add-on can be configured to fetch DKIM DNS keys using two methods: a JavaScript DNS library, limited to simple TCP queries, or libunbound, a validating recursive DNSSEC library. To use the second method, the only one that guarantees end-to-end DNSSEC validation of DKIM keys, another add-on must be installed: DNSSEC Validator. At time of writing, only the 2.0.1 version includes libunbound, while the official one (1.1.5) does not.

Installation takes two steps: installing DNSSEC Validator (required to use libunbound) and then installing DKIM Verifier. After downloading the DNSSEC Validator 2.0.1 version, I installed it following the "Installing add-ons downloaded from outside Thunderbird" guide. Do it at your own risk.
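The key lookup this post relies on, as an added example (not code from DKIM Verifier or from the original post): it derives the DNS name a verifier queries from a DKIM-Signature header and refuses a key whose DNS answer was not DNSSEC-validated. The function names, the `secure` and `requireDnssec` inputs and the sample values are assumptions; the `_domainkey` naming and the tag names come from RFC 6376.

```javascript
// Parse an RFC 6376 tag-list ("k=v; k=v") into a Map, rejecting duplicate tags.
function parseTagList(text) {
  const tags = new Map();
  for (const part of text.split(";")) {
    if (part.trim() === "") continue;              // a trailing ";" is allowed
    const eq = part.indexOf("=");
    if (eq < 0) throw new Error("malformed tag: " + part.trim());
    const name = part.slice(0, eq).trim();
    // Simplification: drop all whitespace, so folded b=/p= data is rejoined.
    const value = part.slice(eq + 1).replace(/\s+/g, "");
    if (tags.has(name)) throw new Error("duplicate tag: " + name);
    tags.set(name, value);
  }
  return tags;
}

// DNS owner name of the TXT record holding the signer's public key.
function keyQueryName(signatureHeaderValue) {
  const tags = parseTagList(signatureHeaderValue);
  for (const required of ["v", "a", "b", "bh", "d", "h", "s"]) {
    if (!tags.has(required)) throw new Error("missing tag: " + required);
  }
  if (tags.get("v") !== "1") throw new Error("unsupported version");
  return `${tags.get("s")}._domainkey.${tags.get("d")}`.toLowerCase();
}

// Decide whether a fetched key record may be used. `secure` is the validating
// resolver's DNSSEC verdict for the answer (assumed input for this sketch).
function usableKey(txtRecord, secure, requireDnssec) {
  if (requireDnssec && !secure) return { ok: false, reason: "key not DNSSEC-validated" };
  const tags = parseTagList(txtRecord);
  if (tags.has("v") && tags.get("v") !== "DKIM1") return { ok: false, reason: "not a DKIM key record" };
  if (!tags.has("p")) return { ok: false, reason: "no public key" };
  if (tags.get("p") === "") return { ok: false, reason: "key revoked" };  // empty p= means revoked
  return { ok: true, algorithm: tags.get("k") || "rsa", publicKeyB64: tags.get("p") };
}

// Constructed sample header value (folded as it would appear in a message).
const SAMPLE_SIG = "v=1; a=rsa-sha256; c=relaxed/relaxed; d=Example.ORG; s=sel2024;\r\n" +
  "\th=from:to:subject:date; bh=Y29uc3RydWN0ZWQ=;\r\n\tb=c2FtcGxl\r\n\t c2ln";
const SAMPLE_KEY = "v=DKIM1; k=rsa; p=TUlJQg==";   // constructed, not a real key

console.log(keyQueryName(SAMPLE_SIG));
console.log(usableKey(SAMPLE_KEY, false, true));
```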