Affiliation:
1. University of the Balearic Islands, Spain
2. Graz University of Technology, Austria
Abstract
Most of the existent certified electronic mail proposals (found in scientific papers) have been designed without considering their deployment into traditional e-mail infrastructure (e.g., Internet mail system). In fact, there is not any implementation used for commercial purposes of those proposals. On the other hand, in different countries, private companies and public administrations have developed their own applications for certified electronic mail, but these solutions are tailored to their needs and present serious drawbacks. They consider the mail providers as Trusted Third Parties (TTPs), but without being verifiable (if they cheat or fail, users cannot prove it). In most cases, users (typically recipients) cannot choose their mail provider; it is imposed, and even worse, sometimes a message is considered to have been delivered when it has been deposited in the recipient’s mailbox (and perhaps, he will not be able to access it). In this chapter, the authors give a broad picture on the current state of certified e-mail, including a brief description of the current e-mail architecture and the need of certified e-mail services, and a definition of the security requirements needed for such a service. Next, they review the scientific and existent proposals. Finally, the authors give some guidelines for developing practical solutions for certified e-mail services that meet all the security requirements.
Reference55 articles.
1. Abadi, M., Glew, N., Horne, B., & Pinkas, B. (2002). Certified email with a light on-line trusted third party: Design and implementation. In Proceedings of the 11th international World Wide Web conference (pp. 387-395). ACM Press.
2. Asokan, N., Shoup, V., & Waidner, M. (1998a). Asynchronous protocols for optimistic fair exchange. In Proceedings of the IEEE Symposium on Security and Privacy, (pp. 86-99). Washington, DC: IEEE Computer Society.
3. Optimistic fair exchange of digital signatures
4. Ateniese, G. (1999). Efficient verifiable encryption (and fair exchange) of digital signatures. In Proceedings of the 6th ACM Conference on Computer and Communications Security (pp. 138-146). New York: ACM Press.
5. Ateniese, G., de Medeiros, B., & Goodrich, M. T. (2001). TRICERT: A distributed certified e-mail scheme. In Proceedings of ISOC 2001 Network and Distributed System Security Symposium (NDSS’01). NDSS.