Abstract
PGP mail has been widely used to provide the end-to-end authentication, integrity and non-repudiation. However it has the significant drawback that the email header is unauthentic. DKIM protects specified header fields, but only between the sending server and the receiver. These lead to possible impersonation attacks and profiling of the email communication, and encourage spam and phishing activities. In this paper we propose an approach to extend PGP mail to support end-to-end integrity of whole email, namely the whole content and selected header fields. This approach is fully compatible with PGP mail. Under some reasonable assumption our approach can help to reduce spam efficiently.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Elkins, M., Torto, D.D., Levien, R., Roessler, T.: MIME Security with OpenPGP, IETF RFC 3156 (August 2001)
Callas, J., Donnerhacke, L., Finney, H., Thayer, R.: OpenPGP Message Format, IETF RFC 2440 (November 1998)
The enigmail project - a simple interface for openpgp email security, http://enigmail.mozdev.org
Resnick, P.: Internet Message Format, IETF RFC 2822 (April 2001)
Ramsdell, B. (ed.): Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1, IETF RFC 3851 (July 2004)
Lyon, J., Wong, M.: Sender ID: Authenticating E-Mail, IETF RFC 4406 (April 2006)
Wong, M., Schlitt, W.: Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1, IETF RFC 4408 (April 2006)
Allman, E., Callas, J., Delany, M., Libbey, M., Fenton, J., Thomas, M.: DomainKeys Identified Mail (DKIM) Signatures, IETF RFC 4871 (May 2007), http://www.ietf.org/rfc/rfc4871.txt
Adida, B., Chau, D., Hohenberger, S., Rivest, R.L.: Lightweight email signatures (February 2006), http://theory.lcs.mit.edu/rivest/AdidaChauHohenbergerRivest-LightweightEmailSignatures.pdf
Email metrics program: The network operators’ perspectivereport #3 - 2nd quarter 2006, Messaging Anti-Abuse Working Group(MAAWG), Tech. Rep., (November 2006), http://www.maawg.org/about/FINAL_2Q2006_Metrics_Report.pdf
Cormack, G.V., Lynam, T.R.: TREC 2005 spam track public corpora. (2005), http://plg.uwaterloo.ca/gvcormac/treccorpus/
Cormack, G.V., Lynam, T.R.: TREC 2006 spam track public corpora. (2006), http://plg.uwaterloo.ca/gvcormac/treccorpus06/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liao, L., Schwenk, J. (2008). A Novel Solution for End-to-End Integrity Protection in Signed PGP Mail. In: Chen, L., Ryan, M.D., Wang, G. (eds) Information and Communications Security. ICICS 2008. Lecture Notes in Computer Science, vol 5308. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88625-9_2
Download citation
DOI: https://doi.org/10.1007/978-3-540-88625-9_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88624-2
Online ISBN: 978-3-540-88625-9
eBook Packages: Computer ScienceComputer Science (R0)