1. Field of the Invention
The present invention relates to electronic mail and encryption of data. More particularly, the present invention relates to a method and an apparatus for sending encrypted electronic mail through a distribution list exploder that forwards the electronic mail to recipients on a distribution list.
2. Related Art
The advent of computer networks has led to an explosion in the development of applications that facilitate rapid dissemination of information. In particular, electronic mail is becoming the predominant method for communicating textual and other non-voice information. Using electronic mail, it is just as easy to send a message to a recipient on another continent as it is to send a message to a recipient within the same building. Furthermore, an electronic mail message typically takes only a few minutes to arrive, instead of the days it takes for surface mail to snake its way along roads and through airports.
One problem with electronic mail is that it is hard to ensure that sensitive information sent through electronic mail is kept confidential. This is because an electronic mail message can potentially traverse many different computer networks and many different computer systems before it arrives at its ultimate destination. An adversary can potentially intercept an electronic mail message at any of these intermediate points along the way.
One way to remedy this problem is to “encrypt” sensitive data using an encryption key so that only someone who possesses a corresponding decryption key can decrypt the message. (Note that for commonly used symmetric encryption mechanisms the encryption key and the decryption key are the same key.) A person sending sensitive data through electronic mail can encrypt the sensitive data using the encryption key before it is sent through email. At the other end, the recipient of the email can use the corresponding decryption key to decrypt the sensitive information.
Encryption works well for a message sent to a single recipient. However, encryption becomes more complicated for a message sent to multiple recipients. This is because encryption keys must be managed between a large number of recipients and the sender.
Conventional mail protocols, such as the Pretty Good Privacy (PGP) protocol, send mail to multiple recipients by encrypting a message with a message key (that is randomly selected for the message) to form an encrypted message. The message key is then encrypted with the public key of each of the recipients to form a set of encrypted keys. The set of encrypted keys is sent with the encrypted message to all of the recipients. Each recipient uses its private key to decrypt the encrypted message key and then uses the message key to decrypt the encrypted message.
The problem with this scheme is that the sender must know the identities of each of the recipients and must know the public key of each of the recipients. It is easier for the sender to send the message to a single machine called a distribution list exploder (DLE), which keeps track of the identities and other information for a set of recipients specified in a distribution list. This allows the DLE to forward a message to recipients specified in the distribution list. For example, in sending a message to a group of people connected with a project, a DLE can keep track of the recipients involved in the project and can route messages to the recipients. Unfortunately, existing DLE systems generally do not support sending encrypted messages. However, there have been suggestions to provide such support. (see “NETWORK SECURITY, PRIVATE Communication in a PUBLIC World,” by Charlie Kaufman, Radia Perlman and Mike Spencer, Prentice-Hall 1995, page 338).
What is needed is a method and an apparatus for sending an encrypted message to multiple recipients specified in a distribution list.