Security

ABUSE: PKI for Real-World Email Trust

Free registration required

Executive Summary

Current PKI-based email systems (such as X.509 S/MIME and PGP/ MIME) potentially enable a recipient to determine a name and organizational affiliation of the sender. This information can suffice for a trust decision when the recipient already knows the sender - but how can a recipient decide whether or not trust email from a new correspondent? Current systems are not expressive enough to capture the real ways that trust flows in these sorts of scenarios. To solve this problem, the authors begin by applying concepts from social science research to a variety of such cases from interesting application domains; primarily, crisis management in the North American power grid.

  • Format: PDF
  • Size: 158 KB