E-Mail Security

Jon Callas, PGP Corporation


Internal and Internet E-Mail Compared

Overview of Standard Protocols

Overview of Proprietary E-Mail Systems

The Need for Security

Security Requirements

Postcards versus Letters versus E-Mail

Transport and Message Security



Digital Signatures and Meaning


Message Authenticity

Encryption and Signing Options

Relevant Encryption Mechanisms

Notes on Cryptographic Strength

Cryptographic Balance

Standards for Secure E-Mail

OpenPGP Overview

S/MIME Overview

Certificates, Trust, and Fine Differences

Comparisons Between OpenPGP and S/MIME

Authenticity Systems

The MARID Protocols for Authenticity

The MASS Protocols for Authenticity

How MARID and MASS Work Together


Client-Based Solutions

Server-Based Solutions



Cross References

Further Reading


Electronic mail, commonly called e-mail, is the most widely used form of communication today, surpassing even telephone calls. Yet very few of those messages are sent using any security mechanisms whatsoever. This chapter describes e-mail systems, e-mail security, and how they are used.

Internal and Internet E-Mail Compared

E-mail grew in two separate paths, with systems designed for the Internet and with systems designed for communications within an organization. With the rise of the Internet, the internal systems were adapted for Internet use, as this became the best mechanism for people in one organization to send messages ...

From Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3.