Understanding the limitations of S/MIME digital signatures for e-mails: A GUI based approach

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a well-known standard for secure e-mail exchange. S/MIME builds its identity management on e-mail addresses rather than real names, so a signed e-mail can carry a bogus display name while its signature still verifies. Moreover, header fields of a signed message, such as the subject and the sender's name, can be altered without affecting the verifiability of the signature. This paper examines these problems of S/MIME in detail and discusses solutions from both the developer's and the user's points of view. GUI considerations related to these problems are also analyzed, and an ideal GUI is modeled and developed.
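To make the limitation concrete, the following is an added example (not code from the paper) that builds a multipart/signed message with Python's standard email package and checks it the way a mail client should: the signature covers only the body part, so the display name and subject can change while the signature still verifies, and only a comparison of the From address against the signer's certified address detects an address mismatch. The signer address, the key and the HMAC standing in for the CMS/PKCS#7 signature are constructed assumptions.

```python
import email
import hmac
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.utils import parseaddr

# Constructed stand-ins: SIGNER_EMAIL plays the rfc822Name in the signer's
# certificate; SIGNER_KEY plays the private key, HMAC plays the CMS signature.
SIGNER_EMAIL = "alice@example.com"
SIGNER_KEY = b"constructed-demo-key"

def canonical(part):
    # Bytes the signature covers: the body part's own MIME headers plus its
    # payload (a simplified stand-in for CMS canonicalisation).
    lines = [f"{k}: {v}" for k, v in sorted(part.items())]
    return "\r\n".join(lines + ["", part.get_payload()]).encode()

def sign(part):
    return hmac.new(SIGNER_KEY, canonical(part), "sha256").digest()

def build_signed_message(display_name, addr, subject, body_text):
    # multipart/signed: only the first part is signed; From, Subject and the
    # other outer headers lie outside the signature entirely.
    body = MIMEText(body_text)
    outer = MIMEMultipart("signed", protocol="application/pkcs7-signature", micalg="sha-256")
    outer["From"] = f"{display_name} <{addr}>"
    outer["Subject"] = subject
    outer.attach(body)
    outer.attach(MIMEApplication(sign(body), "pkcs7-signature", name="smime.p7s"))
    return outer.as_bytes()

def verify_message(raw):
    # What a client should check and show: signature valid? From *address* equal
    # to the certified address? Which fields are unsigned and thus untrustworthy?
    msg = email.message_from_bytes(raw)
    body, sig_part = msg.get_payload()
    name, addr = parseaddr(msg["From"])
    return {
        "signature_valid": hmac.compare_digest(sign(body), sig_part.get_payload(decode=True)),
        "from_matches_signer": addr.lower() == SIGNER_EMAIL,
        "display_name": name,       # unsigned: the GUI must not present it as verified
        "subject": msg["Subject"],  # unsigned
    }

def relabel_headers(raw, new_from, new_subject):
    # Simulates the in-transit alteration of outer headers described in the paper.
    msg = email.message_from_bytes(raw)
    msg.replace_header("From", new_from)
    msg.replace_header("Subject", new_subject)
    return msg.as_bytes()
```

A GUI built on these results should render the certified address as the verified identity and visibly mark the display name and subject as unsigned, rather than showing a single "signature valid" indicator next to the name.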
