Trust Management
Besides content confidentiality, the management of the trust relationship between
sender and recipient over its lifetime proves to be as important: starting from
the trust bootstrapping process to ease of use when established, to revocation
and recovery in case of trust changing events and usability once it is established.
PrivaSphere manages trust in all exchanges conducted by email and over the web.
Trust color coding:
Trusted | Validated recipient - no change of the trust relation has occurred. | |
Non-validated system participant | This recipient is a registered user and will become trusted after your first message exchange protected by a MUC). After first viewing the message with the MUC, the recipient will access the message with his account password and mutual trust will be established. | |
Non-validated non-participant | This user can receive single messages protected by a MUC). As long as this recipient has not chosen a password, the recipient can access the message multiple times with the MUC until the message expires. | |
Closed or deleted user | This user can no longer access the messages. The account has been closed - for example because this user works for a different employer and no longer is the owner of that e-mail address. | |
trust level not determined | If a message is sent via the "secure contact me"/"prepaid return envelope" feature, trust level can not be determined. |
Hint: Encourage your non-validated, non-participant recipients to become
participants. If the recipient clicks on the quick register button, he can obtain a
password, trust with the sender is established and a MUC is not any longer needed
when communicating between these two parties. Registering only to receive does not
have a cost impact for the user.
see also:
- Message Unlock Code (MUC)
- --- Sending messages to non-validated participants without MUC ...
A detailed description about what "MUC's" are
is here
Sometimes, long after you think to be done, you are asked to verify some
counterpart
again - here is why!
More general arguments, why to trust PrivaSphere can be found
here.