Question

In: Computer Science

One of the problems with the Internet email system is that sending forged emails is relatively...

One of the problems with the Internet email system is that sending forged emails is relatively straightforward, i.e., it is easy to send an email with a fake sender/from address. One solution to this problem would be for a domain’s mail servers to digitally sign any email originating from the domain. For this to be useful, the public key would need to be made available to clients to validate the signatures. It is proposed that the public keys of the mail servers will be verified and signed by a certification authority (same as SSL/TLS certificates) and distributed via a standardised URL for the domain, e.g., https://mybusiness.com/email.pubkey.
(a) Explain how the client would obtain the public key and validate the email server’s digital signatures.

(b) Discuss the problem of trusting the obtained public key and how this solution results in public keys that can/cannot be trusted.

(c) Indicate whether you believe this approach could be used to prevent forged emails and explain why it would/would not be possible to send counterfeit emails in such a system.

Solutions

Expert Solution

a)

Digital certificates help us overcome this problem. A digital certificate is a means of binding public keys to their owner. These are issued by Certificate Authorities (CAs) who validate the owners of public keys. The CA does this by validating (through various processes), the identity of the owner of the public key. Once it has done this it will bind the public key to a digital certificate and sign it using its private key to attest authenticity. The CA’s public key is available to all parties who need to validate the CA’s assertion of public key ownership.

However, digital certificates still require a chain of trust to confirm that the certificate belongs to the person or organisation that you think it does and have not been compromised. Criminals have been known to obtain certificates that were then used to sign software that included malware. Stolen certificates have also been used to sign malware.

b)

In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the ownership of a public key. The certificate includes information about the key, information about the identity of its owner (called the subject), and the digital signature of an entity that has verified the certificate's contents (called the issuer). If the signature is valid, and the software examining the certificate trusts the issuer, then it can use that key to communicate securely with the certificate's subject. In email encryption, code signing, and e-signature systems, a certificate's subject is typically a person or organization.

c)

An email signing certificate — sometimes referred to as an S/MIME
certificate or a personal authentication certificate — is something that
you can use to help email recipients verify whether an email is coming from
you. These certificates do two things:

  • assert identity through the use of unique
    digital signatures, and
  • use public key encryption to provide secure,
    end-to-end encryption for your emails. And considering that most email servers
    nowadays also use SSL/TLS encryption, it means that you can enjoy both data at
    rest and data in transit protection.

When you assert
your identity, not only are you affirming that you are who you claim to be,
but you’re also instilling trust and confidence in your email recipients.
They’ll be more likely to click on your links or engage with your emails if they
know you’re you.


Related Solutions

A chain email starts with a person sending an email out to five others. Each person...
A chain email starts with a person sending an email out to five others. Each person who receives the email is asked to send it on to five other people. Some people do this, but others do not send any emails. a) How many people have seen the email, including the first person, if no one receives more than one email and if the chain email ends after there have been one hundred people who read it but did not...
Should managers monitor employee email and Internet usage? Why or why not? Describe an effective email...
Should managers monitor employee email and Internet usage? Why or why not? Describe an effective email and web use policy for a company. Should managers inform employees that their web behavior is being monitored? Or should managers monitor secretly? Why or why not?
Can't we send emails when angry or hurt and be clear? Can't email reflect our emotions...
Can't we send emails when angry or hurt and be clear? Can't email reflect our emotions well? Or can we practice this to make it better? I ask because so much of what we do is electronic and virtual. As well, we live in a global age and in an age where employees work from home. Many employees are not in the office and some are not even in the country. How do we remedy such things when we're angry...
In your opinion, should emails sent from your work computer, using your employer's email account. during...
In your opinion, should emails sent from your work computer, using your employer's email account. during work hours be subject to the hours be subject to the right of privacy? Does your opinion change if the facts change, such as, what if it is from your work laptopk, using your employer's email account, but it is from your home after working hours? Please explain why? As the employer, why would you want to maintain control over the emails sent by...
Email is becoming one of the most common forms of communication in the workplace. Although email...
Email is becoming one of the most common forms of communication in the workplace. Although email is a main form of business communication, it is not always done well. Many employers complain of employees who send poorly written and confusing emails. Because of their extensive use, it is important to learn how to write emails professionally with informative subject lines, appropriate greetings, well-organized bodies, and complete closing information. This assignment will allow you the opportunity to practice composing professionally written...
Email is becoming one of the most common forms of communication in the workplace. Although email...
Email is becoming one of the most common forms of communication in the workplace. Although email is a main form of business communication, it is not always done well. Many employers complain of employees who send poorly written and confusing emails. Because of their extensive use, it is important to learn how to write emails professionally with informative subject lines, appropriate greetings, well-organized bodies, and complete closing information. This assignment will allow you the opportunity to practice composing professionally written...
Email is becoming one of the most common forms of communication in the workplace. Although email...
Email is becoming one of the most common forms of communication in the workplace. Although email is a main form of business communication, it is not always done well. Many employers complain of employees who send poorly written and confusing emails. Because of their extensive use, it is important to learn how to write emails professionally with informative subject lines, appropriate greetings, well-organized bodies, and complete closing information. This assignment will allow you the opportunity to practice composing professionally written...
Given this channel (face-to-face), what are some of the problems that can occur with sending your...
Given this channel (face-to-face), what are some of the problems that can occur with sending your message (think of technology you might use to present)? What types of noise around the receiver(s) might impact delivery of the message (discuss external and internal noises that might occur)? What can the speaker do to help the audience better receive the message?
A system manager at a large corporation believes that the percentage of spam email received at...
A system manager at a large corporation believes that the percentage of spam email received at his company may be 61%. He examines a random sample of 213 emails received at an email server, and finds that 66% of the messages are spam. Use a significance level of α = 0.07. a.) State the null and alternative hypothesis using correct symbolic form. H0: Answerρμσ Answer=≠<> Answer H1: Answerρμ σ Answer≠<> Answer b.) Is this a left-tailed, right-tailed, or two-tailed hypothesis...
The study of our solar system and the universe has expanded greatly since we started sending...
The study of our solar system and the universe has expanded greatly since we started sending probes into space. In an informed discussion (provide references), explain the value of space exploration with regard to our understanding of physics.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT