Towards a Certified Electronic Mail System

Most of the existent certified electronic mail proposals (found in scientific papers) have been designed without considering their deployment into traditional e-mail infrastructure (e.g., Internet mail system). In fact, there is not any implementation used for commercial purposes of those proposals. On the other hand, in different countries, private companies and public administrations have developed their own applications for certified electronic mail, but these solutions are tailored to their needs and present serious drawbacks. They consider the mail providers as Trusted Third Parties (TTPs), but without being verifiable (if they cheat or fail, users cannot prove it). In most cases, users (typically recipients) cannot choose their mail provider; it is imposed, and even worse, sometimes a message is considered to have been delivered when it has been deposited in the recipient’s mailbox (and perhaps, he will not be able to access it). In this chapter, the authors give a broad picture on the current state of certified e-mail, including a brief description of the current e-mail architecture and the need of certified e-mail services, and a definition of the security requirements needed for such a service. Next, they review the scientific and existent proposals. Finally, the authors give some guidelines for developing practical solutions for certified e-mail services that meet all the security requirements.