Abstract
While email is the most ubiquitous and interoperable form of online communication today, it was not conceived with strong security guarantees, and the ensuing security enhancements are, by contrast, lacking in both ubiquity and interoperability. This situation motivates our research. We begin by identifying a variety of stakeholders who have an interest in the current email system and in efforts to provide secure solutions. We then use the tussle among stakeholders to explain the evolution of fragmented secure email solutions undertaken by industry, academia, and independent developers, and to draw the conclusion that a one-size-fits-all solution is unlikely. We highlight that vulnerable users are not well served by current solutions. We also account for the failure of PGP, and argue secure messaging, while complementary, is not a fully substitutable technology.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
With the advent of free domain certificates with Let’s Encrypt, it is possible that more providers are using verifiable certificates since these measurements were conducted in 2015–2016.
- 3.
Of note, S/MIME uses a supporting suite of certificate management protocols, including RFC 5280 [28], which defines an IETF subset of X.509v3 certificates.
- 4.
Revocation of a compromised private key can be supported by having versions of the key. The result of obtaining an incorrect key version is comparable to obtaining a compromised key. The trust model of IBE is tantamount to a trusted public key server.
- 5.
- 6.
- 7.
- 8.
Fingerprint comparison is common with secure messaging applications, but the feature is often ignored by users [137].
References
Abelson, H., et al.: The risks of key recovery, key escrow, and trusted third-party encryption. World Wide Web J. 2(3), 241–257 (1997)
Abelson, H., et al.: Keys under doormats: mandating insecurity by requiring government access to all data and communications. J. Cybersecurity 1(1) (2015)
Abu-Salma, R., et al.: The security blanket of the chat world: an analytic evaluation and a user study of Telegram. In: European Workshop on Usable Security (EuroUSEC 2017). Internet Society (2017)
Abu-Salma, R., Sasse, M.A., Bonneau, J., Danilova, A., Naiakshina, A., Smith, M.: Obstacles to the adoption of secure communication tools. In: IEEE Symposium on Security & Privacy (2017)
Andersen, K., Long, B., Blank, S., Kucherawy, M.: Authenticated Received Chain (ARC) protocol. RFC 8617, IETF, July 2019
Arends, R., Austein, R., Larson, M., Massey, D., Rose, S.: DNS security introduction and requirements. RFC 4033, March 2005
Atwater, E., Bocovich, C., Hengartner, U., Lank, E., Goldberg, I.: Leading Johnny to water: Designing for usability and trust. In: SOUPS (2015)
Autocrypt Team: Autocrypt level 1 specification, release 1.1.0, April 2019
Back, A.: Hashcash - A Denial of service counter-measure. Technical report, hashcash.org (2002). http://www.hashcash.org/hashcash.pdf
Bai, W., Namara, M., Qian, Y., Kelley, P.G., Mazurek, M.L., Kim, D.: An inconvenient trust: User attitudes toward security and usability tradeoffs for key-directory encryption systems. In: SOUPS (2016)
Balenson, D.: Privacy enhancement for Internet electronic mail: Part III: Algorithms, modes, and identifiers. RFC 1423, February 1993
Barnes, R.L.: DANE: taking TLS authentication to the next level using DNSSEC. IETF J. 7(2) (2011)
Basin, D., Cremers, C., Kim, T.H.J., Perrig, A., Sasse, R., Szalachowski, P.: ARPKI: attack resilient public-key infrastructure. In: CCS (2014)
Bellovin, S.M.: A look back at “security problems in the TCP/IP protocol suite”. In: ACSAC (2004)
Birk, V., Marques, H., Shelburn, Koechli, S.: pretty Easy privacy (pEp): Privacy by default. Internet-Draft draft-birk-pep-06, IETF, November 2020. https://datatracker.ietf.org/doc/html/draft-birk-pep-06, work in progress
Boldyreva, A., Goyal, V., Kumar, V.: Identity-based encryption with efficient revocation. In: CCS (2008)
Borisov, N., Goldberg, I., Brewer, E.: Off-the-record communication, or, why not to use PGP. In: WPES (2004)
Brown, I., Laurie, B.: Security against compelled disclosure. In: ACSAC (2000)
Callas, J., Donnerhacke, L., Finney, H., Shaw, D., Thayer, R.: OpenPGP message format. RFC 4880, November 2007
Caputo, D.D., Pfleeger, S.L., Freeman, J.D., Johnson, M.E.: Going spear phishing: Exploring embedded training and awareness. IEEE S&P Mag. 12(1) (2014)
Chandramouli, R., Garfinkel, S.L., Nightingale, S.J., Rose, S.W.: Trustworthy email. Special Publication NIST SP 800-177 Rev.1, 26 Feb 2019
Chatterjee, R., et al.: The spyware used in intimate partner violence. In: 2018 IEEE Symposium on Security and Privacy, SP 2018, Proceedings, 21–23 May 2018, pp. 441–458 (2018)
Chaum, D.: Designated confirmer signatures. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 86–91. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0053427
Chen, J., Paxson, V., Jiang, J.: Composition kills: A case study of email sender authentication. In: USENIX Security (2020)
Clark, J., van Oorschot, P.C., Ruoti, S., Seamons, K.E., Zappala, D.: Sok: Securing email–a stakeholder-based analysis. Technical report 1804.07706, arXiv v2, 25 October 2020
Clark, J., van Oorschot, P.C.: SSL and HTTPS: revisiting past challenges and evaluating certificate trust model enhancements. In: IEEE Symposium on Security & Privacy (2013)
Computing Researach Association: Four grand challenges in trustworthy computing (2003)
Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. RFC 5280, May 2008
Crocker, D.: Internet mail architecture. RFC 5598, IETF (2009)
Crocker, D., Hallam-Baker, P., Hansen, T.: DomainKeys Identified Mail (DKIM) service overview. RFC 5585, July 2009
Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: design of a type iii anonymous remailer protocol. In: 2003 Symposium on Security and Privacy, 2003, pp. 2–15 (2003)
Dechand, S., Naiakshina, A., Danilova, A., Smith, M.: In encryption we don’t trust: the effect of end-to-end encryption to the masses on user perception. In: EuroS&P 2019 (2019)
Dechand, S., et al.: An empirical study of textual key-fingerprint representations. In: USENIX Security (2016)
Diffie, W., Landau, S.: Privacy on the Line: The Politics of Wiretapping and Encryption. The MIT Press, second edition 2007 (472 pages), first edition 1998 (352 pages)
Dingledine, R., Mathewson, N.: Anonymity loves company: usability and the network effect. In: WEIS (2006)
Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: USENIX Security (2004)
Durumeric, Z., et al.: Neither snow nor rain nor MITM...: An empirical analysis of email delivery security. In: IMC (2015)
Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)
Elkins, M., Torto, D.D., Levien, R., Roessler, T.: MIME security with OpenPGP. RFC 3156, August 2001
Englehardt, S., Han, J., Narayanan, A.: I never signed up for this: privacy implications of email tracking. PETS (2018)
Fagan, M., Khan, M.M.H.: Why do they do what they do?: a study of what motivates users to (not) follow computer security advice. In: SOUPS (2016)
Farrell, S.: Why don’t we encrypt our email? IEEE Internet Computing, vol. 13(1) (2009)
Fenton, J.: Analysis of threats motivating DomainKeys Identified Mail (DKIM). RFC 4686, September 2006
Florêncio, D., Herley, C., van Oorschot, P.C.: An administrator’s guide to Internet password research. In: USENIX LISA (2014)
Foster, I.D., Larson, J., Masich, M., Snoeren, A.C., Savage, S., Levchenko, K.: Security by any other name: on the effectiveness of provider based email security. In: CCS (2015)
Franceschi-Bicchierai, L.: Even the inventor of PGP doesn’t use PGP. motherboard.vice.com, September 2015. https://motherboard.vice.com/en_us/article/vvbw9a/even-the-inventor-of-pgp-doesnt-use-pgp
Franklin, J., Perrig, A., Paxson, V., Savage, S.: An inquiry into the nature and causes of the wealth of Internet miscreants. In: CCS (2007)
Freed, N., Borenstein, N.S.: Multipurpose Internet Mail Extensions (MIME) Part one: Format of Internet message bodies. RFC 2045, November 1996
Fry, A., Chiasson, S., Somayaji, A.: Not sealed but delivered: the (un) usability of S/MIME today. In: ASIA (2012)
Garfinkel, S.L., Margrave, D., Schiller, J.I., Nordlander, E., Miller, R.C.: How to make secure email easier to use. In: CHI (2005)
Garfinkel, S.L., Miller, R.C.: Johnny 2: A user test of key continuity management with S/MIME and Outlook Express. In: SOUPS (2005)
Gasser, U., et al.: Don’t panic: Making progress on the “going dark” debate. Berkman Center for Internet & Society at Harvard Law School (2016)
Gaw, S., Felten, E.W., Fernandez-Kelly, P.: Secrecy, flagging, and paranoia: adoption criteria in encrypted email. In: CHI (2006)
Geambasu, R., Kohno, T., Levy, A.A., Levy, H.M.: Vanish: increasing data privacy with self-destructing data. In: USENIX Security Symposium (2009)
Gellens, R., Klensin, J.: Message submission for mail. RFC 6409, November 2011
Gentry, C.: A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University (2009)
Goldberg, I., Wagner, D., Brewer, E.: Privacy-enhancing technologies for the Internet. In: IEEE COMPCON. Digest of Papers, February 1997. https://doi.org/10.1109/CMPCON.1997.584680
Goldberg, I.: Privacy-enhancing technologies for the Internet, II: Five years later. In: PETS (2003)
Goldberg, I.: Privacy enhancing technologies for the Internet III: Ten years later. In: Acquisti, A., Gritzalis, S., Lambrinoudakis, C., De Capitani di Vimercati, S. (eds.) Digital Privacy: Theory, Technologies and Practices. Auerbach Press (2007)
Goldberg, I.A.: A Pseudonymous Communications Infrastructure for the Internet. Ph.D. thesis, UC Berkeley (2000)
Goodin, D.: Use of Tor helped FBI ID suspect in bomb hoax case. Ars Technica, December 2013
Google: Hosted S/MIME by Google provides enhanced security for Gmail in the enterprise (2019). https://security.googleblog.com/2017/02/hosted-smime-by-google-provides.html
Hadnagy, C.: Social Engineering: The Art of Human Hacking. Wiley (2010)
Havron, S., Freed, D., Chatterjee, R., McCoy, D., Dell, N., Ristenpart, T.: Clinical computer security for victims of intimate partner violence. In: USENIX Security (2019)
Herley, C.: So long, and no thanks for the externalities: the rational rejection of security advice by users. In: NSPW (2009)
Hoffman, P.: Allowing relaying in SMTP: A series of surveys. Internet Mail Consortium Report 16 (2002)
Hoffman, P.E.: SMTP service extension for secure SMTP over Transport Layer Security. RFC 3207, February 2002
Hoffman, P.E., Schlyter, J.: The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA. RFC 6698, August 2012
Holz, R., Amann, J., Mehani, O., Wachs, M., Kaafar, M.A.: TLS in the wild: an Internet-wide analysis of TLS-based protocols for electronic communication. In: NDSS (2016)
Housley, R.: Cryptographic Message Syntax (CMS). RFC 5652, September 2009
Houttuin, J.: A tutorial on gatewaying between x.400 and internet mail. RFC 1506, IETF (2016)
Hsiao, H.C., et al.: A study of user-friendly hash comparison schemes. In: ACSAC (2009)
Hu, H., Wang, G.: End-to-end measurements of email spoofing attacks. In: USENIX Security (2018)
Hushmail (2019). https://www.hushmail.com/
Iedemska, J., Stringhini, G., Kemmerer, R., Kruegel, C., Vigna, G.: The tricks of the trade: what makes spam campaigns successful? In: SPW (2014)
Jakobsson, M., Sako, K., Impagliazzo, R.: Designated verifier proofs and their applications. In: EUROCRYPT (1996)
Jones, S.M., Rae-Grant, J., Adams, J.T., Andersen, K.: Recommended Usage of the Authenticated Received Chain (ARC). Internet-draft, IETF, May 2020
Kaliski, B.: Privacy enhancement for Internet electronic mail: Part IV: Key certification and related services. RFC 1424, February 1993
Kamara, S.: Encrypted search. XRDS 21(3), 30–34 (2015). https://doi.org/10.1145/2730908
Kang, R., Dabbish, L., Fruchter, N., Kiesler, S.: “My data just goes everywhere:” user mental models of the Internet and implications for privacy and security. In: SOUPS (2015)
Kapadia, A.: A case (study) for usability in secure email communication. IEEE S&P Mag. 5(2) (2007)
Kent, S.: Privacy enhancement for Internet electronic mail: Part II: Certificate-based key management. RFC 1422, February 1993
Kent, S.T.: Internet privacy enhanced mail. CACM 36(8) (1993)
Kitterman, D.S.: Sender Policy Framework (SPF) for authorizing use of domains in email, version 1. RFC 7208, April 2014
Klensin, J.C.: Simple Mail Transfer Protocol. RFC 5321, October 2008
Kucherawy, M.: Simple Mail Transfer Protocol. RFC 8601, IETF, May 2019
Kucherawy, M., Crocker, D., Hansen, T.: DomainKeys Identified Mail (DKIM) signatures. RFC 6376, September 2011
Kucherawy, M., Zwicky, E.: Domain-based Message Authentication, Reporting, and Conformance (DMARC). RFC 7489, March 2015
Laszka, A., Vorobeychik, Y., Koutsoukos, X.D.: Optimal personalized filtering against spear-phishing attacks. In: AAAI (2015)
Laurie, B., Clayton, R.: Proof-of-work proves not to work; version 0.2. In: WEIS (2004)
Lauzon, E.: The Philip Zimmermann investigation: the start of the fall of export restrictions on encryption software under first amendment free speech issues. Syracuse L. Rev. 48, 1307 (1998)
Lerner, A., Zeng, E., Roesner, F.: Confidante: usable encrypted email: a case study with lawyers and journalists. In: IEEE EuroS&P (2017)
Levchenko, K., et al.: Click trajectories: end-to-end analysis of the spam value chain. In: IEEE Symposium on Security & Privacy (2011)
Levien, R., McCarthy, L., Blaze, M.: Transparent Internet e-mail security. In: NDSS (1996)
Levison, L.: Dark Internet Mail Environment architecture and specifications, March 2015. https://darkmail.info/downloads/dark-internet-mail-environment-march-2015.pdf
Linn, J.: Privacy enhancement for Internet electronic mail: Part I: Message encryption and authentication procedures. RFC 1421, February 1993
Liu, D., Hao, S., Wang, H.: All your DNS records point to us: understanding the security threats of dangling DNS records. In: CCS (2016)
Margolis, D., et al.: SMTP MTA Strict Transport Security. RFC 8461, IETF (2018)
Marlinspike, M.: GPG and me. moxie.org, February 2015. https://moxie.org/2015/02/24/gpg-and-me.html
Masone, C., Smith, S.W.: ABUSE: PKI for real-world email trust. In: Martinelli, F., Preneel, B. (eds.) EuroPKI 2009. LNCS, vol. 6391, pp. 146–162. Springer, Heidelberg (2010)
Mayer, W., Zauner, A., Schmiedecker, M., Huber, M.: No need for black chambers: testing TLS in the e-mail ecosystem at large. In: IEEE ARES (2016)
McCoy, D., et al.: PharmaLeaks: understanding the business of online pharmaceutical affiliate programs. In: USENIX Security Symposium (2012)
McGregor, S.E., Watkins, E.A., Al-Ameen, M.N., Caine, K., Roesner, F.: When the weakest link is strong: secure collaboration in the case of the Panama papers. In: USENIX Security Symposium (2017)
Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J.: CONIKS: bringing key transparency to end users. In: USENIX Security Symposium (2015)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press (1996)
Meyerovich, L., Livshits, B.: ConScript: specifying and enforcing fine-grained security policies for JavaScript in the browser. In: IEEE Symposium on Security & Privacy (2010)
Mitnick, K.D., Simon, W.L.: The Art of Deception: Controlling the Human Element of Security. John Wiley & Sons (2011)
Nakamoto, S.: Bitcoin: A peer-to-peer electionic cash system. Unpublished (2008). https://bitcoin.org/bitcoin.pdf
Narayanan, A.: What happened to the crypto dream?, Part 1. IEEE S&P Magazine 11 (2013)
Narayanan, A.: What happened to the crypto dream?, Part 2. IEEE S&P Magazine 11 (2013)
Newman, C.: Using TLS with IMAP, POP3 and ACAP. RFC 2595, June 1999
Nurse, J.R., Creese, S., Goldsmith, M., Lamberts, K.: Trustworthy and effective communication of cybersecurity risks: a review. In: Workshop on Socio-Technical Aspects in Security and Trust (STAST 2011). IEEE (2011)
Orman, H.: Encrypted Email: The History and Technology of Message Privacy. Springer (2015). https://doi.org/10.1007/978-3-319-21344-6
Partridge, C.: The technical development of Internet email. IEEE Ann. History Comput. 30(2), 3–29 (2008)
Pasquier, T.F.M., Singh, J., Eyers, D., Bacon, J.: Camflow: managed data-sharing for cloud services. IEEE Trans. Cloud Comput. 5(3), 472–484 (2017)
Perrin, T., Marlinspike, M.: Double ratchet algorithm, revision 1. signal.org (2016)
Protonmail (2019). https://protonmail.com/
Ramsdell, B., Turner, S.: Secure/Multipurpose Internet Mail Extensions (S/MIME) version 3.2 message specification. RFC 5751, January 2010
Ramsdell, B.C.: S/MIME version 3 message specification. RFC 2633, June 1999
The Radicati Group: Email statistics report, 2020–2024 (2019)
Renaud, K., Volkamer, M., Renkema-Padmos, A.: Why doesn’t Jane protect her privacy? In: PETS (2014)
Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: ASIACRYPT (2001)
Rivner, U.: Anatomy of an attack. RSA blog, 1 April 2011. http://web.archive.org/web/20110413224418/blogs.rsa.com:80/rivner/anatomy-of-an-attack/
Romera, P., Gallego, C.S.: How ICIJ deals with massive data leaks like the Panama Papers and Paradise Papers, 3 July 2018. https://www.icij.org/blog/2018/07/how-icij-deals-with-massive-data-leaks-like-the-panama-papers-and-paradise-papers/
Roth, V., Straub, T., Richter, K.: Security and usability engineering with particular attention to electronic mail. Int. J. Hum.-Comput. Stud. 63(1), 51–73 (2005)
Ruoti, S., et al.: A usability study of four secure email tools using paired participants. ACM Trans. Privacy Secur. 22(2), 22–29 (2019)
Ruoti, S., et al.: “We’re on the same page”: a usability study of secure email using pairs of novice users. In: CHI (2016)
Ruoti, S., Andersen, J., Hendershot, T., Zappala, D., Seamons, K.: Private webmail 2.0: Simple and easy-to-use secure email. In: UIST (2016)
Ruoti, S., Andersen, J., Monson, T., Zappala, D., Seamons, K.: A comparative usability study of key management in secure email. In: SOUPS (2018)
Ruoti, S., Kim, N., Burgon, B., Van Der Horst, T., Seamons, K.: Confused Johnny: when automatic encryption leads to confusion and mistakes. In: SOUPS (2013)
Ruoti, S., Monson, T., Wu, J., Zappala, D., Seamons, K.: Weighing context and trade-offs: how suburban adults selected their online security posture. In: SOUPS (2017)
Ruoti, S., Seamons, K.: Johnny’s journey toward usable secure email. IEEE Secur. Privacy 17(6), 72–76 (2019)
Ryan, M.D.: Enhanced certificate transparency and end-to-end encrypted mail. In: NDSS (2014)
Santos, N., Gummadi, K.P., Rodrigues, R.: Towards trusted cloud computing. HotCloud 9(9), 3 (2009)
Sasse, A.: Scaring and bullying people into security won’t work. IEEE S&P Magazine 13(3) (2015)
Schneier, B., Hall, C.: An improved e-mail security protocol. In: ACSAC (1997)
Schröder, S., Huber, M., Wind, D., Rottermanner, C.: When SIGNAL hits the fan: on the usability and security of state-of-the-art secure mobile messaging. In: EuroUSEC (2016)
Shamir, A.: Identity-based cryptosystems and signature schemes. In: Crypto (1984)
Siemborski, R., Gulbrandsen, A.: IMAP extension for Simple Authentication and Security Layer (SASL) initial client response. RFC 4959, September 2007
Siemborski, R., Melnikov, A.: SMTP service extension for authentication. RFC 4954, July 2007
Siemborski, R., Menon-Sen, A.: The Post Office Protocol (POP3) Simple Authentication and Security Layer (SASL) authentication mechanism. RFC 5034, July 2007
Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE Symposium on Security & Privacy (2000)
Sparrow, E., Halpin, H., Kaneko, K., Pollan, R.: LEAP: a next-generation client VPN and encrypted email provider. In: CANS (2016)
Stewart, G., Lacey, D.: Death by a thousand facts: criticising the technocratic approach to information security awareness. Information Management & Computer Security 20(1) (2012)
Stringhini, G., Egele, M., Zarras, A., Holz, T., Kruegel, C., Vigna, G.: B@bel: leveraging email delivery for spam mitigation. In: USENIX Security Symposium (2012)
Tutanota (2019). https://tutanota.com/
Unger, N., et al.: SoK: secure messaging. In: IEEE Symposium on Security & Privacy (2015)
Valsorda, F.: Op-ed: I’m throwing in the towel in PGP, and I work in security. Ars Technica, December 2016
Van Acker, S., De Ryck, P., Desmet, L., Piessens, F., Joosen, W.: WebJail: least-privilege integration of third-party components in web mashups. In: ACSAC (2011)
Vaziripour, E., Wu, J., Farahbakhsh, R., Seamons, K., O’Neill, M., Zappala, D.: A survey of the privacy preferences and practices of iranian users of telegram. In: Workshop on Usable Security (USEC) (2018)
Vaziripour, E., et al.: Is that you, Alice? a usability study of the authentication ceremony of secure messaging applications. In: SOUPS (2017)
Wash, R.: Folk models of home computer security. In: SOUPS (2010)
Whitten, A., Tygar, J.D.: Why Johnny can’t encrypt: a usability evaluation of PGP 5.0. In: USENIX Security Symposium (1999)
Wolchok, S., et al.: Defeating Vanish with low-cost sybil attacks against large DHTs. In: NDSS (2010)
Wolthusen, S.D.: A distributed multipurpose mail guard. In: IAW (2003)
Wu, J., Gatrell, C., Howard, D., Tyler, J., Vaziripour, E., Seamons, K., Zappala, D.: “Something isn’t secure, but I’m not sure how that translates into a problem”: promoting autonomy by designing for understanding in Signal. In: SOUPS (2019)
Wu, J., Zappala, D.: When is a tree really a truck? exploring mental models of encryption. In: SOUPS (2018)
Zimmermann, P.: PGP Source Code and Internals. MIT Press, Boston (1995)
Zimmermann, P.: PGP marks 10th anniversary, 5 June 2001
Zimmermann, P.R.: The Official PGP User’s Guide. MIT Press, Cambridge (1995)
Acknowledgments
We are grateful to the reviewers for spirited feedback, and the final version was highly reshaped based on their suggestions. J. Clark acknowledges funding from the NSERC/Raymond Chabot Grant Thornton/Catallaxy Industrial Research Chair and his Discovery Grant. P.C. van Oorschot acknowledges NSERC funding for both his Canada Research Chair and a Discovery Grant. K. Seamons and D. Zappala acknowledge support by the National Science Foundation Grant No. CNS-1816929.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 International Financial Cryptography Association
About this paper
Cite this paper
Clark, J., van Oorschot, P.C., Ruoti, S., Seamons, K., Zappala, D. (2021). SoK: Securing Email—A Stakeholder-Based Analysis. In: Borisov, N., Diaz, C. (eds) Financial Cryptography and Data Security. FC 2021. Lecture Notes in Computer Science(), vol 12674. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-64322-8_18
Download citation
DOI: https://doi.org/10.1007/978-3-662-64322-8_18
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-64321-1
Online ISBN: 978-3-662-64322-8
eBook Packages: Computer ScienceComputer Science (R0)