Computing [Home Page]
---------------------------------------------------------------------------

Email Privacy, Integrity, and Authenticity

(At this point only SSL and some authentication are used. Full authentication/authorization and signing are mostly not available. 2011)

Overview

Privacy and authenticity of email have been sorely neglected - there is at present essentially none.  Methods already exist to secure the data connection and authenticate senders, and hence to verify the originator.  Only the effort of deployment stands in the way. The rapid advent of wireless network connection makes these measures more urgent.

Privacy can be obtained by securing the connection between an Email client and its mail server with Secure Socket Layer (SSL).  Qualcomm Eudora, Microsoft Outlook, and other email clients now support SSL connections to their email servers, as do many Web based email providers.

Authenticity and integrity can follow from the SSL secured connection by using authenticated sending of email and then signing of the email by the email server.  Recipients can verify the signature and be assured that the email originated from the authenticated sender and has not been modified or damaged.  Or the email server could verify the signature and put the incoming email in a Validated/Authenticated mail box. for imap users.

SSL for Privacy and Integrity

The advantages for email are the same as for SSL web pages:

  1. The server is securely identified by its server certificate.
  2. The email traffic is private between the email client and the server because the data traffic between the two is encrypted.
  3. The logon account name and password are kept secret.

For more on SSL and server certificates see the report
Server Certificates and SSL - What, Why, and Issues.

Authenticated Email Origination

Authentication of email origination can be done by the Mail Transfer Agent by standard AUTH methods as well a specific methods such as POP-before-SMTP.

Server Email Signing

The server that securely receives and authenticates the original email can cryptographically sign the email headers and body.  Subsequently anyone viewing or deciding to relay the email can verify that the originator was authenticated and that the email has not been altered since it was received.

The digital signature can use the same Public Key cryptography as the email servers PKI Certificate used for the SSL connection, or other signing/verification methods.

Received email signatures could be validated either by the email client or by the email server (or both).  The email server could direct validated / authenticated messages to a special imap mailbox, etc.

Page modified: 13 Apr 2016 12:25:02 -0700

--------------------------------------------------
[Back to Top   [Home Page]