A Decentralized Secure Email System based on Conventional RSA Signature

摘要

Recently, many users have been attacked by phishing or targeted malicious email, and thus email has become completely untrustworthy. So we gradually need to make email communications more secure. Of course, we can digitally sign, encrypt and decrypt emails by secure email systems such as S/MIME and PGP, which are two standards developed for that purpose. However, these two systems are seldom used and then have some drawbacks: the trust mode of PGP is only suitable for small-scaled organizations, and S/MIME cannot run away from the troubling operations such as the certificate application. In this paper, we propose a decentralized and large-scaled secure email system using conventional RSA signature embedding ID (e.g., email address), which is used in the communication scene among unspecified multi-organization. More importantly, our system needs neither a public key certificate nor voucher (e.g., CA or trusted user) for mail security by employing the new type of "key trust level". Since the reliability of email is decided by user itself rather than is decided by other vouchers, we can say that our system is truly decentralized.