The area of e-mail security is complex and carries a lot of legacy. Both the OpenPGP and S/MIME standards have their challenges, both in the way they sign and encrypt messages, and in the way they manage certificates. The solution built by Vereign combines the advantages of a peer-to-peer model somewhat similar to OpenPGP with the official recognition and option for centrally managed organisational signatures of S/MIME. It does so with usability far beyond that of any previous system, using blockchain for transparency and tamperproofing of one-time transaction certificates that link back to individual self-sovereign identities with aggregated third-party verification.
That makes both OpenPGP and S/MIME a difficult fit for Vereign signatures, both because legacy clients cannot correctly assess the trust level of the certificates used, and because of the issues in the S/MIME and OpenPGP e-mail standards identified by security researchers in recent years. Basically, clients will consider messages with known security issues trustworthy, while they will flag those with higher security standards as not trustworthy. Getting around these issues would require active collaboration with established entities in the field, which Vereign is actively pursuing. In the meantime, the benefits offered by Vereign would be undermined by the security concerns of the legacy formats.
So during our workshop in Sofia in early September 2019 we asked ourselves: If we could think this differently, how would we do it?
Vereign creates signature cards for its signed mails already. These "V-Cards" represent in a visual, attractive way the information users are willing to provide to third parties as part of their verification of a message, including name, picture, email address, telephone number, company, position, social media and more. For HTML messages, they are provided as images, while for text messages there is a simpler, pure text representation. V-Card images are specific to each message, and image formats have a variety of options for additional data that is not being displayed, specifically in their metadata. This information will not show up when looking at the image, but clients can retrieve the data and process it for a variety of purposes.
Why not have the V-Card carry digital signature and certificates in its metadata? That way, the V-Card becomes both the electronic signature as well as its visual representation.
This has a variety of advantages, including that it will be complementary and incremental to traditional signature formats, which can still be used to wrap the message with an additional traditional signature that contains the V-Card image with its embedded signature.
What’s even more exciting is that we can have multiple pre-sets of V-Cards of different verbosity and complexity. These can be more or less elaborate depending on the requirement of the user. When using more elaborate versions we can include a QR code to uniquely represent this V-Card signature (and consequently, the message or document it is signing) so that the Vereign mobile app can be used as an independent second factor to verify the signature and message integrity.
The benefits of this approach are substantial: Users no longer need to verify a message only locally, there is no need to click on links that might have been manipulated, the 2nd factor provides a much better level of additional security, and each V-Card is uniquely associated with a message. So if a would-be impersonator is trying to cut & paste an image to counterfeit a signature it is immediately obvious which message this V-Card was taken from - narrowing the search for causes and perpetrators.
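The idea of a card image that carries its signature in metadata and is bound to one message can be sketched as follows. This is an added example, not Vereign's format or code: it assumes a PNG card, a hypothetical `tEXt` keyword `demo-signature`, and an HMAC with a constructed demo key standing in for the real signature and certificate chain, which this text does not specify.

```python
import hashlib, hmac, struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
KEY = b"constructed-demo-key"    # assumption: stand-in for the signer's key material
KEYWORD = b"demo-signature\x00"  # hypothetical tEXt keyword plus its null separator

def chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC32 over type + data."""
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def read_chunks(png: bytes):
    """Yield (type, data) for every chunk, rejecting a bad signature or CRC."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos < len(png):
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype, data = png[pos + 4:pos + 8], png[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", png[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + data) != crc:
            raise ValueError("bad chunk CRC")
        yield ctype, data
        pos += 12 + length

def minimal_card() -> bytes:
    """Constructed 1x1 grayscale PNG standing in for a rendered card image."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # one scanline: filter byte + one pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

def _tag(message: bytes, pixels: bytes) -> str:
    """Tag over the message hash and the image data hash, tying card to message."""
    binding = hashlib.sha256(message).digest() + hashlib.sha256(pixels).digest()
    return hmac.new(KEY, binding, hashlib.sha256).hexdigest()

def sign_card(png: bytes, message: bytes) -> bytes:
    """Insert the tag as a tEXt chunk just before the 12-byte IEND chunk."""
    pixels = b"".join(d for t, d in read_chunks(png) if t == b"IDAT")
    text = KEYWORD + _tag(message, pixels).encode()
    return png[:-12] + chunk(b"tEXt", text) + png[-12:]

def verify_card(png: bytes, message: bytes) -> bool:
    """True only if exactly one embedded tag matches this image and this message."""
    chunks = list(read_chunks(png))
    pixels = b"".join(d for t, d in chunks if t == b"IDAT")
    tags = [d[len(KEYWORD):] for t, d in chunks
            if t == b"tEXt" and d.startswith(KEYWORD)]
    return len(tags) == 1 and hmac.compare_digest(tags[0], _tag(message, pixels).encode())
```

A card copied from one message and pasted under another fails `verify_card`, because the tag covers the hash of the message it was issued for.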
In combination with a modern design of the actual signature format it can dramatically increase security while not disrupting legacy clients, and it translates well to other formats, such as documents or web pages.