DOI: 10.1145/1054972.1055069 (ACM Conferences, CHI Conference Proceedings)

How to make secure email easier to use

ABSTRACT

Cryptographically protected email has a justly deserved reputation of being difficult to use. Based on an analysis of the PEM, PGP and S/MIME standards and a survey of 470 merchants who sell products on Amazon.com, we argue that the vast majority of Internet users can start enjoying digitally signed email today. We present suggestions for the use of digitally signed mail in e-commerce and simple modifications to webmail systems that would significantly increase integrity, privacy and authorship guarantees that those systems make. We then show how to use the S/MIME standard to extend such protections Internet-wide. Finally, we argue that software vendors must make minor changes to the way that mail clients store email before unsophisticated users can safely handle mail that is sealed with encryption.
