Introduction

UKERNA commissioned a study and report describing the options for improving the security of electronic mail for academic community users in the JANET community. The study was funded by the Joint Information Systems Committee (JISC). Paul Leyland and Piete Brooks submitted a proposal in response to this request. The salient features of their proposal are:

• The Pretty Good Privacy program, PGP, should be the cryptographic component.

• It should be well-integrated into mail user agents (MUAs) so that non-expert users find secure email easy to use.

• Provision of public keys needs to be made simple, rapid and reliable.

• The authenticity of keys needs to be assured.

• Any work performed or service offered would have to be consistent with that done in the international community.

• Only MUA integration and key service would be discussed. Topics such as administration, the provision of documentation, end-user training, and the like were recognized as important but beyond our competence.

The proposal was accepted and a one-year contract started on 15 May 1995. Three interim reports and one final report were to be issued quarterly; this is the final report.

We start by explaining several fundamental concepts, then discuss in turn MUA integration, key service and international collaboration. We conclude with a description of what we consider will need to be done in the next few months.