E-mail has inherently been an unsecured method of communicating since its inception. While today email is a frequently used and convenient method of exchanging information, such usage was not planned for in the technology's beginning. The basic principles of e-mail were established more than thirty years ago when the Internet, then called ARPANET, was an emerging technology. Trust was a basic principle of the Internet back then. Universities, military, and governmental facilities were the only users of the Internet and everyone knew everyone else. Back then there wasn't a need for authentication of who actually sent the message because only a limited number of people could gain access to the networks over which the messages were traveling. When networks began connecting to each other, e-mail security became more important. Users realized that they needed verification of who was sending the message to make sure no one has changed the message during transit, and, in some cases, they realized they needed to secure that information against prying eyes.
By the mid 1990s, e-mail security became a needed addition to the messaging people already knew. Two protocols emerged as standards: Pretty Good Protection (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME). Both offered digital signaturesi which added the capabilities of authentication, non-repudiation, and data integrity. Message encryption added the capabilities of confidentiality and data integrity. For the user this helped ensure two things: First, that only the intended recipient can read the message. Second, that a person reading a message can be assure of the identity of the sender.
This document is in PDF format. To view it click here.