by Ben Adida, Susan Hohenberger, and Ronald L. Rivest
(draft; to appear). February, 2005.
We present a novel key distribution architecture and a novel use of a particular identity-based digital signature scheme for making email trustworthy. Like typical digital signatures, our solution fights email-based phishingattacks and mitigates spam by detecting spoofed emails. Unlike typical digital signatures, our approach requires no complex, preestablished public-key infrastructure nor cooperation between email domains. Furthermore, it provides just enough trust to make email useful again, but not too much: email remains repudiable. All current legitimate uses of email – alternate email personalities, alternate outgoing mail servers, PGP or S/MIME encryption, sending attachments, web-based email etc. . . – remain fully functional. The end-to-end nature of email is preserved: the only requirements are an upgraded email client and at least one keyserver. We call this approach a Lightweight Trust Architecture.