The Beginning of the Crypto Era

By Larry Seltzer  |  Posted 2004-11-15

Opinion: The e-mail authentication picture is getting murkier, but that's good. More credible systems are going online, and that means a real solution is closer.

In a move that was totally expected, if a little early, Yahoo has announced that it will put its money where its mouth is and start checking Yahoo Mail with its DomainKeys system. The company had told me that it would do so by the end of the year, but I suppose it had had this last week, during the FTC e-mail authentication summit, as an internal deadline. Earthlink also announced that it will test DomainKeys on its system.

DomainKeys is important. It is the main implementation of the second of the two most credible approaches to SMTP authentication, specifically the use of cryptographic signatures to authenticate messages against the domains from which they were sent. The other approach—to check against the IP addresses of the servers in those domains—also moved forward recently with the second version of the Sender ID spec.

Don't assume that the DomainKeys implementation is the final form. There is an IETF group called ietf-mailsig working in preliminary stages to standardize the crypto approach to SMTP authentication, and they might want to make some changes to the approach used by Yahoo. And I expect Yahoo to be open to such suggestions.

In fact, Yahoo's openness to reasonable suggestions and unobjectionable licenses is a big reason to be optimistic about widespread adoption of it. Indeed, while Yahoo has intellectual property claims on its developments in DomainKeys, the company isn't being a jerk about it, like some other coMpanieS in this business that shall remain naMeleSs.

There are some interesting questions about DomainKeys and Yahoo's handling of it. The first has to do with performance. My own first impression of cryptography as a solution was that the added performance burden on MTAs (message transfer agents, better known as mail servers) would be great and that many companies would have to upgrade their hardware to run a DomainKeys-enabled server with decent performance. In a recent eSeminar in which I participated, Richi Jennings of Ferris Research echoed this view.

But while it's still too early to tell, there's reason to believe the performance issue is not as serious as first impressions would indicate. I've spoken to Sendmail, the leading MTA company in the world, about it. Nobody, except Yahoo, has more hands-on experience actually testing and coding DomainKeys than Sendmail. Sendmail thinks the added performance burden, entirely CPU-based, is on the order of 15 percent to 20 percent. This isn't nothing, but MTAs aren't typically CPU-constrained—they are network- and perhaps disk-constrained—so there could easily be spare CPU capacity in the typical MTA (unless it's running Exchange Server or Notes, in which case it's CPU-starved).


Larry Seltzer has been writing software for and English about computers ever since—much to his own amazement—he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
