ES2ES
Ubiquitous end-to-end secure email
General Description
It seems reasonable in today's high-tech environment to assume the secure
exchange of messages.
However, it is not. The vast majority of email still lies un-encrypted
on servers and only recently has there been interest in protecting it
during transfer between servers. Why?
Encryption technology is relatively mature and widely available.
It has even been built into many popular email packages since 1999, based
on the S/MIME protocol.
Turning on this feature ensures messages, either in transit or lying on an
intermediate server waiting for transfer, cannot be read by anyone other
than their intended recipient.
The reason this feature is not on by default lies in key management.
Briefly, in order to send an encrypted message to a particular recipient,
you need to have their key.
These keys may be first exchanged between users or looked up on a server.
Universal secure message exchange would require this server to have keys for
every Internet user on the planet - a technical, security, and political
impossibility.
Hence, we have not seen secure email by default.
However, there is one "database" that every device on the Internet is already
connected to - the DNS.
It is distributed and scalable, and with DNSSEC, secure.
Therefore, publishing keys in the DNS solves the key management problem.
The last remaining hurdle is how to get email packages to look up a recipient's
key in the DNS and validate it with DNSSEC. This is where our ES2ES software
comes in, by converting between email address book and DNS formats and
validating results with DNSSEC.
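As an added illustration of the address-book-to-DNS conversion described above (example code, not part of ES2ES and not the project's own implementation), the block below assumes the SMIMEA record convention of RFC 8162: the local-part of the address is hashed with SHA-256, truncated to 28 octets, and placed under a `_smimecert` label in the recipient's domain, and the record's matching-type field says how the certificate held locally is compared with the published data. DNSSEC validation itself is not shown, since it needs a validating resolver rather than an offline function; the sample record and "certificate" bytes are constructed for the demo.

```python
import hashlib
import hmac
from dataclasses import dataclass

SMIMECERT_LABEL = "_smimecert"  # RFC 8162 label, assumed as the ES2ES convention


def smimea_owner_name(email: str) -> str:
    """Map an address-book entry to the DNS name where its SMIMEA record lives."""
    local_part, _, domain = email.rpartition("@")
    if not local_part or not domain:
        raise ValueError(f"not an email address: {email!r}")
    # SHA-256 over the UTF-8 local-part, truncated to 28 octets (56 hex chars).
    # The local-part is hashed as given; only the DNS domain is case-insensitive.
    label = hashlib.sha256(local_part.encode("utf-8")).hexdigest()[:56]
    return f"{label}.{SMIMECERT_LABEL}.{domain.lower()}"


@dataclass
class SmimeaRecord:
    usage: int          # certificate usage, same 0-3 semantics as TLSA
    selector: int       # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching_type: int  # 0 = exact data, 1 = SHA-256, 2 = SHA-512
    data: bytes


def parse_smimea(rdata: str) -> SmimeaRecord:
    """Parse presentation-format RDATA such as '3 0 1 <hex>' into its fields."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("SMIMEA RDATA needs usage, selector, matching type and data")
    usage, selector, matching_type = (int(f) for f in fields[:3])
    data = bytes.fromhex("".join(fields[3:]))  # hex may be split across whitespace
    return SmimeaRecord(usage, selector, matching_type, data)


def certificate_matches(cert_der: bytes, rec: SmimeaRecord) -> bool:
    """Compare a locally held certificate with the DNS record (selector 0 only;
    selector 1 would need ASN.1 parsing to extract the SubjectPublicKeyInfo)."""
    if rec.selector != 0:
        raise NotImplementedError("SubjectPublicKeyInfo selector not handled here")
    if rec.matching_type == 0:
        return hmac.compare_digest(cert_der, rec.data)
    if rec.matching_type == 1:
        return hmac.compare_digest(hashlib.sha256(cert_der).digest(), rec.data)
    if rec.matching_type == 2:
        return hmac.compare_digest(hashlib.sha512(cert_der).digest(), rec.data)
    raise ValueError(f"unknown matching type {rec.matching_type}")


# Constructed sample data: placeholder bytes stand in for a real DER certificate.
SAMPLE_CERT = b"-- placeholder certificate bytes, not real DER --"
SAMPLE_RDATA = "3 0 1 " + hashlib.sha256(SAMPLE_CERT).hexdigest()
```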