基于DANE的电子邮件安全研究

电子邮件是当今重要的通信工具，也是网络攻击的主要途径之一.由于近年来CA机构有意无意的证书误签发、邮件中间人降级攻击、基于DNS的域名实体认证协议DANE的提出，当前邮件协议的改进及邮件隐私和安全有了新进展.从邮件加密和验证角度梳理了当前广泛使用的邮件协议，分析了其优缺点，归纳了邮件协议的最新研究进展、DANE对当前邮件协议的改进及其不足，提出了基于DANE的安全邮件系统架构.最后对基于DANE的邮件系统的发展方向进行了总结与展望.

Email Security Research Based on DANE

Email is today''s important communication tool, but it is also one of the main ways of cyber attack. As a result of certificates mistakenly issued by CA agency, man-in-the-middle downgrade attack, and the proposal of DNS-based Authentication of Named Entities (DANE), new progress has been made on the improvement of the current email protocol and the security of email. This study combs the widely used email protocol from the point of view of email encryption and verification, analyzes its advantages and disadvantages, summarizes the latest research progress of email protocols and the improvement of current email protocol, and proposes a secure email system architecture based on DANE. Finally, the development direction of DANE-based email system is summarized and prospected.