English

SoK: Securing Email -- A Stakeholder-Based Analysis (Extended Version)

Cryptography and Security 2021-10-26 v3

Abstract

While email is the most ubiquitous and interoperable form of online communication today, it was not conceived with strong security guarantees, and the ensuing security enhancements are, by contrast, lacking in both ubiquity and interoperability. This situation motivates our research. We begin by identifying a variety of stakeholders who have an interest in the current email system and in efforts to provide secure solutions. We then use the tussle among stakeholders to explain the evolution of fragmented secure email solutions undertaken by industry, academia, and independent developers. We also evaluate the building blocks of secure email -- cryptographic primitives, key management schemes, and system designs -- to identify their support for stakeholder properties. From our analysis, we conclude that a one-size-fits-all solution is unlikely. Furthermore, we highlight that vulnerable users are not well served by current solutions, account for the failure of PGP, and argue that secure messaging, while complementary, is not a fully substitutable technology.

Keywords

Cite

@article{arxiv.1804.07706,
  title  = {SoK: Securing Email -- A Stakeholder-Based Analysis (Extended Version)},
  author = {Jeremy Clark and P. C. van Oorschot and Scott Ruoti and Kent Seamons and Daniel Zappala},
  journal= {arXiv preprint arXiv:1804.07706},
  year   = {2021}
}

Comments

Extended version of paper published at Financial Cryptography 2021. Under submission at CSUR

R2 v1 2026-06-23T01:30:10.678Z