Securing your customer's email with digital signatures


Larry Loeb
11.09.2006
VARs and consultants charged with securing their customers' email systems should understand what digital signatures can and can't do. While digital signatures bind a sender to a message, they should never be applied beyond their scope, lest the customer think greater security has been imparted to the signed email than the technique is capable of providing.

A digital signature is data appended to a message. The data identifies and authenticates the sender and message using public key encryption. The sender uses a one-way hash function to generate a hash code from the message data. The sender then encrypts the hash code with the sender's private key. The receiver recomputes the hash code from the data and decrypts the received hash with the sender's public key. If the two hash codes are equal, the receiver is given an indication that the data has not been corrupted while in transit, and that it appears to have come from the designated sender.

Dual signatures can link two messages within a message unit. The segments may be addressed to different people such that the message parts may only be read by the intended recipient, yet provide a quick way to check the structural integrity of the overall message.

If one part of the message needs to be more secure than the other, another layer of encryption can be applied on top of the "message plus signature" data. A digital envelope is a way to encrypt data and to send the key for that encryption along with the data. Most enveloping schemes use a symmetric method to encrypt the data and an asymmetric one to encrypt the key.

Digital signatures may best be used as a negative indicator. If a user expects a digital signature with a message and finds none (or one that computes to an unexpected value) the user is forced to authenticate the message by some other means or reject it entirely. The biggest conceptual problem with digital signatures is that a positive result (that is, everything seems OK) does not necessarily validate message accuracy.
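The hash, sign and compare sequence described earlier, together with the three outcomes a receiver has to handle, can be traced in a short script. This is an added example, not code from the original article: it uses textbook RSA without padding and a constructed, deliberately weak demo key so that it runs on the Python standard library alone, and the function names and result labels are illustrative assumptions. Production mail systems rely on a vetted library and a padded signature scheme.

```python
import hashlib

# Constructed demo key built from two Mersenne primes: trivially factorable,
# chosen only so the example runs with the standard library. Not for real use.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, held by the sender


def digest(message: bytes) -> int:
    """One-way hash of the message data, as an integer (256 bits, below N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sender: apply the private key to the hash (textbook RSA, no padding)."""
    return pow(digest(message), D, N)


def check(message: bytes, signature, expect_signed: bool = True) -> str:
    """Receiver: recompute the hash, recover the sender's hash, compare."""
    if signature is None:
        # Missing signature where one is expected: authenticate another way.
        return "missing-signature" if expect_signed else "unsigned"
    recovered = pow(signature, E, N)     # public-key operation
    return "hashes-match" if recovered == digest(message) else "hash-mismatch"


if __name__ == "__main__":
    order = b"Ship 40 units to warehouse 7"          # constructed sample message
    sig = sign(order)
    print(check(order, sig))                               # unmodified message
    print(check(b"Ship 400 units to warehouse 7", sig))    # altered in transit
    print(check(order, None))                              # signature stripped
    # A match only ties the bytes to the key; the content can still be false.
    claim = b"Invoice 1001 has been paid in full"
    print(check(claim, sign(claim)))
```

The last case shows why a match is weak positive evidence: the check passes for any statement the key holder chose to sign, whether or not the statement is accurate.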

Commercial products use digital signature techniques to control email. Internal mail can be identified by signatures made with a company's private key so that it may not egress beyond the internal network. External mail may likewise be identified and sorted. In short, a signature is a tool that makes quick classification easier. Email benefits from this because of the volume of mail and the speed at which disposition decisions must be made. Signatures are no substitute for authentication processes, however.

Customers that want to identify the sender of incoming mail can use digital signature technology. It may be embedded in an application used to filter email for the entire organization or reside on the end user's machine. Different areas within organizations may use digital signatures in different ways. For example, the help desk may wish to assume that a sender is valid so as to speed response, and have little need to validate a signature on its own. But an executive may have to be more careful in how they reply to messages in order to minimize any economic espionage by competitors, and thus need the assurance of a sender's signature. The balance of how this technology is implemented depends on the specifics of the situation.

About the author
Larry Loeb has been online since the world revolved around {!decvax}. He's been in many of last century's dead tree magazines about computers, having been a Consulting Editor to the late, lamented BYTE magazine, among other things. You can reach him at larryloeb@larryloeb.com.


All Rights Reserved, Copyright 2006 - 2009, TechTarget | Read our Privacy Policy