E-Mail Security

Jon Callas, PGP Corporation

Introduction

Internal and Internet E-Mail Compared

Overview of Standard Protocols

Overview of Proprietary E-Mail Systems

The Need for Security

Security Requirements

Postcards versus Letters versus E-Mail

Transport and Message Security

Encryption

Signing

Digital Signatures and Meaning

Nonrepudiation

Message Authenticity

Encryption and Signing Options

Relevant Encryption Mechanisms

Notes on Cryptographic Strength

Cryptographic Balance

Standards for Secure E-Mail

OpenPGP Overview

S/MIME Overview

Certificates, Trust, and Fine Differences

Comparisons Between OpenPGP and S/MIME

Authenticity Systems

The MARID Protocols for Authenticity

The MASS Protocols for Authenticity

How MARID and MASS Work Together

Implementions

Client-Based Solutions

Server-Based Solutions

Summary

Glossary

Cross References

Further Reading

INTRODUCTION

Electronic mail, commonly called e-mail, is the most widely used form of communication today, surpassing even telephone calls. Yet very few of those messages are sent using any security mechanisms whatsoever. This chapterdescribes e-mail systems, e-mail security, and how they are used.

Internal and Internet E-Mail Compared

E-mail grew in two separate paths, with systems designed for the Internet and with systems designed for communications within an organization. With the rise of the Internet, the internal systems were adapted for Internet use, as this became the best mechanism for people in one organization to send messages ...

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.