How to make secure email easier to use

Authors:
Simson L. Garfinkel;David Margrave;Jeffrey I. Schiller;Erik Nordlander;Robert C. Miller
Affiliations:
MIT CSAIL, Cambridge, MA;Amazon.com, Seattle, WA;MIT Network Services, Cambridge, MA;MIT CSAIL, Cambridge, MA;MIT CSAIL, Cambridge, MA
Venue:
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Year:
2005

Citing 5
Cited 7

A proxy approach to e-mail security

Software—Practice & Experience
PGP: Pretty Good Privacy

PGP: Pretty Good Privacy
Enabling email confidentiality through the use of opportunistic encryption

dg.o '03 Proceedings of the 2003 annual national conference on Digital government research
Why Johnny can't encrypt: a usability evaluation of PGP 5.0

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
SSH: secure login connections over the internet

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6

Secrecy, flagging, and paranoia: adoption criteria in encrypted email

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Facemail: showing faces of recipients to prevent misdirected email

Proceedings of the 3rd symposium on Usable privacy and security
Understanding web credibility: a synthesis of the research literature

Foundations and Trends in Human-Computer Interaction
Assessing anti-phishing preparedness: A study of online banks in Hong Kong

Decision Support Systems
Usable secure mailing lists with untrusted servers

Proceedings of the 8th Symposium on Identity and Trust on the Internet
A framework for the lived experience of identity

Identity in the Information Society
LoKey: leveraging the SMS network in decentralized, end-to-end trust establishment

PERVASIVE'06 Proceedings of the 4th international conference on Pervasive Computing

Quantified Score

Hi-index	0.01

Visualization

Abstract

Cryptographically protected email has a justly deserved reputation of being difficult to use. Based on an analysis of the PEM, PGP and S/MIME standards and a survey of 470 merchants who sell products on Amazon.com, we argue that the vast majority of Internet users can start enjoying digitally signed email today. We present suggestions for the use of digitally signed mail in e-commerce and simple modifications to webmail systems that would significantly increase integrity, privacy and authorship guarantees that those systems make. We then show how to use the S/MIME standard to extend such protections Internet-wide. Finally, we argue that software vendors must make minor changes to the way that mail clients store email before unsophisticated users can safely handle mail that is sealed with encryption.