Email Signature
Status Quo
It is technically easy to manipulate the sender of an email, i. e. to send an email and to enter any sender.
A digital signature enables the recipient to verify the authenticity of the sender and the integrity of the content.
If you want to digitally sign your mails, there are two standards available: S/MIME and OpenPGP. Both work on the same basic principle, but use different data formats and only few software solutions support both formats at the same time.
Competing systems, the additional effort and sometimes high costs are considered the main reason for the low distribution of signed e-mails.
UNITED-PAGES
In principle, UNITED-PAGES, as a worldwide Public-Key-Infrastructure , can provide a contribution for encryption (coding with the public-key of the recipient/consumer) or signing (coding with private-key of the sender/supplier). This also applies to email. However, it seems to be a very ambitious goal to achieve a change in existing procedures.
A new approach based on UNITED-PAGES involves storing a digital signature for an email in a dig-UNIT:
| Variable | Semantik | Example |
| id | unique identifier | abc123 |
| from | email address of sender | fritz@fmail.com |
| to | email address(es) of receiver(s) | tom@tmail.com, tim@tmail.com |
| cc | carbon-copy | chris@cmail.com, charly@cmail.com |
| bcc | black-carbon-copy (see note*) | bob@bmail.com |
| chksum | hash | MD5:987Yfg... |
| expiration | expiration time (default: 3 months) | 2020-12-24T16:30:00+02:00 |
When sending an email, the email provider creates a corresponding dig-UNIT at the PROVIDER (usually identical) and then the email is attached the id of this dig-UNIT. The owner of dig-UNIT is thus basically the email provider of the sender (e. g. admin@fmail. com)
Knowing the id, any application (email-client or -server) can query the existence and values (with the exception of bcc) of the corresponding dig-UNIT with a simple GET-request (e. g. GET https://. . . /dig/admin/fmail. com?id=abc123) and then check:
- correctness of the sender (from)
- integrity of the message (chksum)
- exclusion of a manipulated forwarding (is your own recipient email originally listed in to or cc)
bcc note*
The handling of the bcc-field is not clearly defined for mail servers and there are often technical restrictions to enter certain distribution groups in the bcc-field. When dealing with dig-UNIT, it should also be noted that a recipient with knowledge of the id cannot obtain knowledge of bcc-recipients via the detour of a GET request. The bcc value should only be handed over to a court by the email provider in case of legal disputes.