ABUSE: PKI for Real-World Email Trust

12 years 3 months ago
ABUSE: PKI for Real-World Email Trust
Current PKI-based email systems (such as X.509 S/MIME and PGP/ MIME) potentially enable a recipient to determine a name and organizational affiliation of the sender. This information can suffice for a trust decision when the recipient already knows the sender--but how can a recipient decide whether or not trust email from a new correspondent? Current systems are not expressive enough to capture the real ways that trust flows in these sorts of scenarios. To solve this problem, we begin by applying concepts from social science research to a variety of such cases from interesting application domains; primarily, crisis management in the North American power grid. We have examined transcripts of telephone calls made between grid management personnel during the August 2003 North American blackout and extracted several different classes of trust flows from these real-world scenarios. Combining this knowledge with some design patterns from HCISEC, we develop criteria for a system that will ena...
Chris Masone, Sean W. Smith
Added 17 Feb 2011
Updated 17 Feb 2011
Type Journal
Year 2009
Authors Chris Masone, Sean W. Smith
Comments (0)