A survey of certified mail systems provided on the Internet

Abstract

Over the last several years, an increasing number of certified mail systems have been put into place on the Internet. Governments, postal operators and private businesses now provide value-added electronic services that match the quality of postal certified mail. So far, there is no common view on the security properties that an electronic certified mail system has to provide. This applies to implementers and, surprisingly, also applies to the research community. All certified mail systems provided on the Internet are autonomous, and most are closed systems. However, recent developments call for cross-border certified mail communications that are similar to what we have become accustomed to in e-mail. This demand is emphasized by the ongoing implementation of the European Union (EU) Services Directive. The interoperability of certified mail systems is a new and challenging research field. The aim of this paper is to assess and discuss various standards and certified mail systems deployed on a large scale by drawing on the literature. This will facilitate interoperability efforts by offering a clearer view on the security properties that are actually applied in practice, as opposed to what is in research. We do this by classifying systems according to the security properties defined to date in the literature. Our findings show that standards and systems provided on the Internet have adopted many aspects of postal certified mail with respect to fairness, non-repudiation services and applied trust models. Nevertheless, there are still differences and incompatibilities, and the community must work toward common and interoperable systems. We encourage research into additional properties that could be applied in practice.