This content was published by Andrew Tomazos and written by several hundred members of the former Internet Knowledge Base project.

Digital Signing

The articulation of the problem is clear:

Andrew Tomazos Wrote:
"The problem with current email infrastructure is that the
From address of an email message is based on the honor system."

It seems odd to solve that problem by attacking the part of the system that does work, namely the easy-to-remember-and-share email address. If the "from" address is the problem, why not attack the "from" address?

S/MIME digitally signed email (support for which is already incorporated into virtually all modern email applications) addresses the problem by dealing with the "From" address. What plagues S/MIME is limited adoption by email senders.

If I were to insist that all email correspondence addressed to me were digitally signed, and I filter my email or devised a server process that bounces all unsigned mail back to the sender, eventually everyone who wanted to send me email would have to acquire a digital signature. A bonus is that this only needs to happen once -- once a sender has a digital signature he/she can send mail to anyone who requires signed email. To me this seems much simpler than a Segmail solution, and it exists today.

[Sorry Mark, requiring all your email correspondants to use Digital Signing is a great way to lose contact with a bunch of email correspondants. Segmail has the advantage of not requiring all your email correspondants to use it, in order for it to be effective. From your email correspondants point-of-view, you are simply changing your email address. AT]

I don't agree that changing your email address is simple.

Think of a certificate like you think of a driver's license. You get one, renew it every couple of years, and it grants permission to operate a vehicle on the public highways. It's relatively simple, easily understood and somewhat universal. Acquiring a certificate could be handled when you first get the email address. Certificates could be offered by a country's postal service or other public agencies, making the acquisition of a certificate a simple, ubiquitous process. The reason for the friction you allude to in my preference for requiring certificated email is that getting a certificate is currently more complex and difficult than it needs to be.

[I agree with you. Getting everybody to use digital signing would be better than Segmail. The problem is that I don't know how to get everybody to use digital signing. If we assume that we can't control how other people use email, than Segmail is the best solution that I can think of.

Another problem a lot of people have with Digital Signing (not including me) is that it requires a central authority to issue the certificates. Segmail does not. In effect, Segmail makes every email user their own authority - issueing username/passwords (like certificates) to their correspondants. AT]

Back to Index