login
password
HOME
Knowing
Cadses Area
Internationalization
Cooperation
Internet & E/Business
Education
Virtual Clustering
Event & Expos
Online experts
Cooperating
Overview
Submit
Search
Re-validation / Elimination
Distribution
Conditions
Contact
Communicating
Emeetings
Learning
Sharing
Wood
Mechanics
Tourism
Plastics
SEARCH
Advanced search
Guide
Help
Contacts
Credits
Inde Project
Services
Cavirc.net Partners
Cavirc.net
/
Knowing
/
Internet & E-Business
/
SECURITY & PRIVACY
/
Email security in depth
<!--BeginDoc 62506134--> <PRE> <span class="htmla_testo"><span class="htmla_testo"><span class="htmla_testo"><p><strong>Sender's Identity</strong></p><p></p><p>- the most reliable and common tools are the subscription certificates released by Certificate Authority following the <a href="http://www.cnipa.gov.it/site/it- IT/Le_Attivit%c3%a0/Elenco_certificatori/"><font color="#003366">CNIPA rules</font></a><font color="#003366">.</font> Documents signed with these certificates are legally opposable to third parties and can be attached to email messages.<br />As an alternative (or in addition) to this solution it is possible to sign an email message using other certificates (not a subscription certificate) issued with regard to Electronic Mail (and associated to the e-mail box).</p><p>- It is very important that digital signature certificates reside on devices where it's physically impossible to access the signature secret code (the private key); the most diffused solutions are Smart Cards, but also other types of support, that don't need special readers and use a computer's standard port (i.e. USB), are becomming widespread.<br />Signature certificates not residing on protected supports can be read by unauthorized persons and used for fraudulent uses.</p><p> Certified Email can also be useful for certified email providers that must identify users in the right to avoid abuses. Nevertheless documents and / or messages' digital signature is always very useful.</p><p><br /><strong>Message Integrity</strong></p><p><br />E-signature is useful in this case too. Signed documents or messages can't be modified without changing their signature.Receiver can check that the signature has not been modified: in this way he can also verify that the document/message is the same as the sender signed version.<br />Digital Signature validity control concerns:<br />- messages: by normal email software (Outlook,...)<br />- documents with digital signature: by (free) tools provided by Certificate Authority that issued the Signature Certificates.</p><p>Other technologies can be useful, in the absence of signature:<br />- secure communication channels between the user's workstation and the email provider. For instance: the use of SSL encryption software in the connection between client and provider's server: SSL can be suitable for sending mail protocol (SMTP) and for receiving mail protocol (POP3/IMAP) and for sending/receiving mail with web interface (WEBMAIL)<br />- Certified Email can even ensure the secure connection and the message integrity even in the transport between a certified email system and another.</p></span><br />Since the "from/sender" field of the message can be easily modified, the best way to trust who sent a message or a document, is to request the sender's (digital) signature.</span></span></PRE> <!--EndDoc 19639601--> <BR>
