Abstract
We surveyed 470 Amazon.com merchants regarding their experience, knowledge and perceptions of digitally-signed email. Some of these merchants (93) had been receiving digitally-signed VAT invoices from Amazon for more than a year. Respondents' attitudes were measured as to the role of signed and/or sealed mail in e-commerce. Among our findings: 25.2% of merchants thought that receipts sent by online merchants should be digitally-signed, 13.2% thought they should be sealed with encryption, and 33.6% thought that they should be both signed and sealed. Statistically-significant differences between merchants who had received the signed mail and those who had not are noted. We conclude that Internet-based merchants should send digitally-signed email as a “best practice,” even if they think that their customers will not understand the signatures, on the grounds that today’s email systems handle such signatures automatically and the passive exposure to signatures appears to increase acceptance and trust.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Garfinkel, S.L., Schiller, J.I., Nordlander, E., Margrave, D., Miller, R.C. (2005). Views, Reactions and Impact of Digitally-Signed Mail in e-Commerce. In: Patrick, A.S., Yung, M. (eds) Financial Cryptography and Data Security. FC 2005. Lecture Notes in Computer Science, vol 3570. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11507840_18
DOI: https://doi.org/10.1007/11507840_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26656-3
Online ISBN: 978-3-540-31680-0
eBook Packages: Computer Science (R0)