Title:
Transparent Internet E-mail Security
Authors:
- Raph Levien, Lewis McCarthy, and Matt Blaze
- Affiliation: AT&T Laboratories
Abstract:
This paper describes the design and prototype implementation of a
comprehensive system for securing Internet e-mail transparently, so
that the only user intervention required is the initial setup and
specification of a trust policy. Our system uses the PolicyMaker
trust management engine [BFL] for evaluating the trustworthiness of
keys, in particular whether the given binding between key and name is
valid. In this approach, user policies and credentials are written as
predicates in a safe programming language. These predicates can
examine the graph of trust relationships among all the credentials
presented. Thus, credentials can express higher-order policies that
depend upon global properties of the trust graph or that impose
specific conditions under which keys are considered trusted.
"Standard" certificates, such as PGP and X.509, are automatically
translated into simple PolicyMaker credentials that indicate that the
certifier trusts a binding between a key and a name and address, and
certifiers can also issue more sophisticated credentials written
directly in the PolicyMaker language.
Our system does not assume any particular public key, certificate, or
message format. Our prototype implementation, which runs under most
versions of Unix, accepts PGP key certificates as well as our own
credentials, and uses standard PGP message formats. Thus, our system
interoperates with the existing infrastructure of secure e-mail
applications while providing additional flexibility at those sites
where the system is used. We also plan to support S/MIME and other
message formats, X.509 certificates, and Win32-based platforms.
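The following Python model is an added illustration of the credential-as-predicate idea sketched above; it is not the paper's code and does not use PolicyMaker's own predicate language. PGP-style key signatures are translated into simple (certifier, key, name, address) credentials, and a policy predicate is evaluated over the whole trust graph; the key ids, names and the "k independent certifiers within d hops" policy are constructed for the example.

```python
import re
from dataclasses import dataclass
@dataclass(frozen=True)
class Credential:  # certifier vouches that key belongs to name/email
    certifier: str  # key id of the signing key
    key: str        # key id whose binding is asserted
    name: str
    email: str
def from_pgp_signature(signer: str, key: str, user_id: str) -> Credential:
    """Translate a PGP-style signature over 'Name <addr>' into a simple credential."""
    m = re.fullmatch(r"\s*(.*?)\s*<([^>]+)>\s*", user_id)
    if not m:
        raise ValueError(f"unparseable user id: {user_id!r}")
    return Credential(signer, key, m.group(1), m.group(2))
class TrustGraph:
    def __init__(self, creds: list[Credential]):
        self.creds = creds
    def certifiers_of(self, key: str) -> set[str]:
        return {c.certifier for c in self.creds if c.key == key}
    def reaches_root(self, key: str, roots: set[str], max_depth: int) -> bool:
        """Breadth-first search: does key chain to a root in <= max_depth hops?"""
        frontier, seen = {key}, {key}
        for _ in range(max_depth):
            if frontier & roots:
                return True
            nxt = set().union(*(self.certifiers_of(k) for k in frontier)) - seen
            frontier, seen = nxt, seen | nxt
        return bool(frontier & roots)
def k_trusted_certifiers(roots: set[str], k: int, max_depth: int):
    """Higher-order policy: valid only if >= k distinct certifiers assert exactly
    this binding and each certifier's own key chains back to a policy root."""
    def policy(graph: TrustGraph, key: str, name: str, email: str) -> bool:
        signers = {c.certifier for c in graph.creds
                   if (c.key, c.name, c.email) == (key, name, email)}
        return sum(graph.reaches_root(s, roots, max_depth) for s in signers) >= k
    return policy
# Constructed sample graph: root certifies Alice and Bob; Carol's key 0xC3 is
# certified by both; Dave's by Alice only; unreachable 0xM5 vouches for 0xE6.
ROOT = "0xR00T"
GRAPH = TrustGraph([
    from_pgp_signature(ROOT, "0xA1", "Alice <alice@example.org>"),
    from_pgp_signature(ROOT, "0xB2", "Bob <bob@example.org>"),
    from_pgp_signature("0xA1", "0xC3", "Carol <carol@example.org>"),
    from_pgp_signature("0xB2", "0xC3", "Carol <carol@example.org>"),
    from_pgp_signature("0xA1", "0xD4", "Dave <dave@example.org>"),
    from_pgp_signature("0xM5", "0xE6", "Carol <carol@example.org>"),
])
STRICT = k_trusted_certifiers({ROOT}, k=2, max_depth=2)   # two independent vouchers
LENIENT = k_trusted_certifiers({ROOT}, k=1, max_depth=2)
```

Under STRICT, Carol's key 0xC3 is accepted while Dave's 0xD4 is not; the second "Carol" binding on 0xE6 fails under both policies because its only certifier never chains to the root.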
[BFL] M. Blaze, J. Feigenbaum, and J. Lacy, "Decentralized Trust
Management," IEEE Symposium on Security and Privacy, Oakland CA,
May 1996.
For more information, contact raph@cs.berkeley.edu, lmccarth@cs.umass.edu,
or mab@research.att.com