Certified email

From HandWiki

Certified email (known as Posta elettronica certificata in Italy, or PEC in short) is a special type of email in use in Italy,[1] Switzerland ,[2] Hong Kong[3] and Germany .[4] Certified email is meant to provide a legal equivalent of the traditional registered mail, where users are able to legally prove that a given email has been sent and received by paying a small fee.

Registered mail is mainly used in Italy,[5] but there are present efforts to extend its legal validity according to the framework of the European Union.[6]

Description

A certified email can only be sent using a special Certified Email Account provided by a registered provider. When a certified email is sent, the sender's provider will release a receipt of the successful (or failed) transaction. This receipt has legal value and it includes precise information about the time the certified email was sent. Similarly, the receiver's provider will deliver the message in the appropriate certified email account and will then release to the sender a receipt of successful (or failed) delivery, indicating on this receipt the exact time of delivery. If either of these two receipts are lost by the sender, providers are required to issue a proof of transaction with equal legal validity, if this proof is requested within 30 months of delivery.

In terms of user experience, a certified email account is very similar to a normal email account. The only additional features are the receipts, received as attachments, providing details and timestamps for all transactions. A certified email account can only handle certified email and can't be used to send regular email.

Technical process

The development of this email service has conceptual variations that are dominated by two-party scenarios with only one sender and one receiver as well as a trusted third party (TTP) serving as a mediator. As in traditional registered mail, many certified email technologies call for the parties involved to trust the TTP, or the "postman", because it has the capacity to reveal the identity of the sender to the recipient once the protocol is initiated.[7] There are, however, some applications based on multi-party email protocols; these include the technology originally proposed by Markowitch and Kremer, that involves an online or offline TTP in addition to the sender and receiver.[8] There is also a multi-party version, wherein a user can send the same email to multiple recipients. In this system, those who acknowledge the receipt are able to view the data. Some applications also offer add-in features, such as the integration of the concept of timeliness, wherein a participant to the process can terminate a session in finite time in order to avoid waiting for a reply forever.[9]

The mediation of a trusted third party (TTP) requires both parties, the sender and the recipient, to come to terms in approving who will be the mediator. In compliance scenarios, where a regulation may simply require a party to deliver a notice to a given recipient and be able to prove having done so (i.e. GDPR), the role of a TTP can be trusted to an electronic registered delivery service capable to secure timestamped evidence of the contents and delivery of the electronic message, without the recipient's intervention.[10]

Certified email in Italy

The Italian certified email (Posta elettronica certificata, PEC) was established in 2005[11] and it uses protocols described in the RFC 6109 (Request for Comments 6109), which was drafted in order to make the protocols public to the Internet community.

Since July 1 of 2013, all communications between enterprises and the Italian public administration are required to be sent through PEC and paper documents are no longer accepted.[12]

All matters concerning PEC in Italy are supervised and regulated by a special government agency called AgID ("Agenzia per l'Italia digitale") which determines the authorized certified email providers, the legal framework of PEC and the rules and terms of use.

Anyone may register a PEC address through a certified provider or reseller.

Starting from 2022, Italy is migrating from PEC to an EIDAS-compliant protocol, called Registered Electronic Mail. The switch over to the new protocol is being led by Roberto Reale[13] and Alessandra Antolini on behalf of AgID.


Comparison of Certified E-Mail providers in Italy
PEC provider eidas compatible 2024? Limitation
Intesi Group will be in 2024 unknown
Aruba (Actalis) partial only for customers with a Google (with some issue[clarification needed]) or Apple account
Infocert yes only for customers with a Google or Apple account
Università degli Studi di Napoli Federico II ... Only for students and other business partners
TWT no ...
Sogei n\a Only for business partners
register.it no ...
Regione Marche - Posta Raffaello n\a suppressed
Poste Italiane n\a ...
Consiglio Nazionale del Notariato no private
Namirial S.p.A. no n\a
Cedacri Cert ... ...
IN.TE.SA. S.p.A offline offline
Irideos S.p.A. (kolst) no
Notartel S.p.A.
Sogei no n\a

See also

References

  1. "Posta elettronica certificata – PEC" (in it). Italian government. http://www.lineaamica.gov.it/posta-elettronica-certificata-pec. 
  2. "IncaMail" (in it). https://www.post.ch/it/commerciale/indice-tematico-a-z/incamail. 
  3. "GovHK: Electronic Authentication & Digital Certificates". http://www.gov.hk/en/residents/communication/infosec/digitalcert.htm. 
  4. "De-Mail – einfach verschlüsselt und nachweisbar" (in de). https://www.cio.bund.de/Web/DE/Innovative-Vorhaben/De-Mail/de_mail_node.html. 
  5. "Il futuro della PEC: Armonizzazione e riconoscimento in Europa - Diritto informatico: Notizie e guide". 9 March 2018. http://www.dirittodellinformatica.it/ict/pubblica-amministrazione/futuro-della-pec-armonizzazione-riconoscimento-europa.html. 
  6. "La Posta Elettronica Certificata verso le regole europee". 24 May 2017. http://www.progettocrescitadigitale.com/la-posta-elettronica-certificata-verso-le-regole-europee-giovanni-manca/. 
  7. Zhou, Jianying; Kang, Meng Chow; Bao, Feng; Pang, Hwee-Hwa (2005). Applied Public Key Infrastructure: 4th International Workshop: IWAP 2005. Amsterdam: IOS Press. pp. 80. ISBN 1-58603-550-9. https://archive.org/details/appliedpublickey2005alet. 
  8. Lopez, Javier; Okamoto, Eiji (2004). Information and Communications Security: 6th International Conference, ICICS 2004, Malaga, Spain, October 27-29, 2004. Proceedings. Berlin: Springer. pp. 40. ISBN 3-540-23563-9. https://archive.org/details/informationcommu00lpez. 
  9. Qing, Sihan; Mao, Wenbo; Lopez, Javier; Wang, Guilin (2005). Information and Communications Security: 7th International Conference, ICICS 2005, Beijing, China, December 10-13, 2005, Proceedings. Berlin: Springer Science & Business Media. pp. 1. ISBN 978-3-540-30934-5. https://archive.org/details/informationcommu00ning. 
  10. Carlos Tico (2012). Method, a system and a computer program product for certifying that a destination email server has received an email message sent from a sender to at least one destination address. US Patent 9,742,722 B2 (2017) and EP2805455B1 (2018).
  11. "Decreto del Presidente della Repubblica 11 febbraio 2005, n. 68" (in it). 2005-02-11. https://www.agid.gov.it/sites/default/files/repository_files/leggi_decreti_direttive/dpr_11-feb-2005_n.68.pdf. "Regolamento recante disposizioni per l'utilizzo della posta elettronica certificata, a norma dell'articolo 27 della legge 16 gennaio 2003, n. 3." 
  12. "Posta elettronica certificata". Italian government. https://www.agid.gov.it/it/piattaforme/posta-elettronica-certificata. 
  13. "REM SERVICES - Criteri di adozione standard ETSI - Policy IT". https://www.agid.gov.it/sites/default/files/repository_files/documento_finale_gdl_rem_versione_1.2_28.07.2022_1.pdf.