
Privacy Enhanced E-Mail (PEM)

The initial specification of Internet e-mail did not address security issues. In particular, security mechanisms to provide Data Confidentiality, Authenticity, Integrity and Non-Repudiation were missing.

Security extensions to Internet e-mail that address these shortcomings have been specified in the form of a set of related RFCs (RFC 1421, RFC 1422, RFC 1423 and RFC 1424).

These RFCs define message encipherment and authentication procedures in order to provide privacy enhancement services for electronic mail transfer in the Internet.

Those familiar with X.509 will notice many similarities between PEM mechanisms and the procedures for Digital Signatures defined in X.509.

The procedures defined in these RFCs are intended to be compatible with a wide range of key management approaches, including both symmetric (secret-key) and asymmetric (public-key) approaches for encryption of data encrypting keys. Use of symmetric cryptography for message text encryption and/or integrity check computation is anticipated.

Privacy enhancement services (confidentiality, authentication, and message integrity assurance) are offered through the use of end-to-end cryptography between originator and recipient User Agent processes, with no special processing requirements imposed on the Message Transfer System at endpoints or at intermediate relay sites. This approach allows privacy enhancement facilities to be incorporated on a site-by-site or user-by-user basis without impact on other Internet entities. Interoperability among heterogeneous components and mail transport facilities is supported.
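
Because the privacy enhancement travels inside the message body, a User Agent (or a mail auditing tool) can tell which services and which key management approach a message uses just by reading its encapsulated header. The Python sketch below is an added example, not part of the original page or of the RFCs: the boundary lines and field names follow RFC 1421, the sample message is constructed with dummy key and MIC values, and the function names are hypothetical.

```python
import re

BEGIN = "-----BEGIN PRIVACY-ENHANCED MESSAGE-----"

# Constructed sample in the RFC 1421 encapsulated format; all key, MIC and
# ciphertext values are dummies. The outer To: line is ordinary mail header.
SAMPLE = """\
To: bob@example.org

-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,ENCRYPTED
Content-Domain: RFC822
DEK-Info: DES-CBC,0123456789ABCDEF
Originator-ID-Asymmetric: Q09OU1RSVUNURUQ=,01
Key-Info: RSA,
 Q09OU1RSVUNURUQtS0VZ
MIC-Info: RSA-MD5,RSA,
 Q09OU1RSVUNURUQtTUlD
Recipient-ID-Asymmetric: Q09OU1RSVUNURUQ=,02
Key-Info: RSA,
 Q09OU1RSVUNURUQtS0VZ

Q09OU1RSVUNURUQtQ0lQSEVSVEVYVA==
-----END PRIVACY-ENHANCED MESSAGE-----
"""

def parse_pem_headers(message):
    """Return the encapsulated header fields as unfolded (name, value) pairs."""
    _, found, rest = message.partition(BEGIN + "\n")
    if not found:
        raise ValueError("no PEM encapsulation boundary")
    header_part = rest.split("\n\n", 1)[0]           # a blank line ends the header
    unfolded = re.sub(r"\n[ \t]+", "", header_part)  # join folded continuation lines
    return [tuple(p.strip() for p in line.split(":", 1))
            for line in unfolded.splitlines() if ":" in line]

def summarize(message):
    """Report which PEM services and key management approach a message uses."""
    fields = parse_pem_headers(message)
    names = [k for k, _ in fields]
    first = dict(reversed(fields)).get  # first occurrence of a field wins
    proc_type = (first("Proc-Type") or ",").split(",")[1].strip()
    if any(n.endswith("-Asymmetric") or n == "Originator-Certificate" for n in names):
        key_mgmt = "asymmetric"
    else:
        key_mgmt = "symmetric" if any(n.endswith("-Symmetric") for n in names) else "unknown"
    return {"proc_type": proc_type,
            "confidentiality": proc_type == "ENCRYPTED",  # MIC-ONLY/MIC-CLEAR: no encryption
            "text_cipher": (first("DEK-Info") or "").split(",")[0] or None,
            "key_management": key_mgmt,
            "recipients": sum(n.startswith("Recipient-ID-") for n in names)}
```

Each `Key-Info` field carries the data encrypting key protected for one party, which is why the same message text can be sent to several recipients without re-encrypting it.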
