7

jwz -

Netscape 4.0 was not my fault. During that dark period, I worked with Lisa Repka on S/MIME, Netscape's implementation of the then-new standard for cryptographically secure email. At the time, I was very glad that we managed to ship this before the U.S. Government had gotten around to making it illegal for us to do so. (And yet, all these years later and still nobody ever encrypts their email...)

This makes me wonder, why don't mainstream email clients (Apple Mail, Thunderbird) encrypt our mails by default?

Sathyajith Bhat
  • 62,374
Vaibhav Bajpai
  • 563

2 Answers2

9

Because it's not trivial for users.

E.g. I have a lot of different work places with different clients (gmail web interface, thunderbird on my notebook, kmail on home desktop, gmail on android device), and this is not uncommon even for non-technical persons. And I have a lot of questions and have to pay a lot of attention for my private/public keys (if I want to encrypt e-mail):

  • How do I sync my private keys between them?
  • How do I invalidate compromised key?
  • How do I ensure that everyone I'm sending email to have my public key?
  • How do I remove my keys from lost/stolen phone?

And so on. There is no simple solutions for this problems, and I can't imaging simple, reliable and compatible with standarts solution even theoretically.

rvs
  • 293
8

A few problems:

  • Two competing standards: OpenPGP versus S/MIME & X.509. You can't use both in the same message.

  • Encryption requires all recipients to have "certificates", and you to have the certificates of all recipients.

    For S/MIME, email certificates are somewhat difficult to obtain (especially for free), and often require renewal every year – if not every month. Self-signed certificates are possible, but you get the same problems as with HTTPS: they're impossible to verify against any known authority. There is also no common location for obtaining another person's certificate.

    OpenPGP certificate creation is always done by the end user, and there are public directories called "keyservers" along with ability to put the certificates in DNS. But automatically retrieved keys must somehow be verified that they actually belong to the recipients, otherwise encryption is pointless (as anyone can create and upload a key with any label). This verification requires understanding of key signing and web-of-trust, which many users just don't bother with.

    (Certificates in DNS, whether they are OpenPGP or X.509, can be verified with DNSSEC, but that combination is very uncommon. How many people you know who manage their own domain name rather than using a @gmail.com? How many of those even know that they can put a PGP key in DNS?)

  • Encryption is not very useful without signing (to ensure that the sender address is not spoofed), and then you have the above problems in the opposite direction, too: all recipients must have your certificate in order to verify the signature.

  • Most people just don't see the need to encrypt their mail.

    • "There's no reason hackers would attack my mailbox."
    • "I have nothing to hide."
    • "What do you mean? I already have a password on my PC."
grawity
  • 501,077