Is email encryption practical enough?

9

3

All emails I have ever sent were sent as plain text. Like postcards, everybody on the way to the addressee could easily read and store them. This worries me. I know privacy is something of the past, but encrypting email is possible, at least in theory. However, I wonder whether it is practical enough.

Is there anybody who has experience with email security? Is it easy to set up? And can you still send and receive email from all your friends and acquaintances?

Dimitri C.

Posted 2009-09-01T12:45:33.443

Reputation: 2 232

Answers

12

Very unfortunately: No.

Mail encryption usually means public key encryption. This requires the recipient to have a public key published somewhere - this can be used to encrypt emails. That key then has a secret pair - a private key that can be used to decrypt the emails.

For mail encryption to be practical, the email client would have to be able to:

  1. When sending email, automatically fetch the public key of the recipient to encrypt the messages.
  2. When receiving email, fetch the user's private key from a designated server, preferably this would be whoever is providing the email service (usually the ISP).
  3. When setting up the account, automatically create and store the private key.

But the bigger problem here is the infrastructure. For this to happen, there would have to be:

  1. A widely used, standard way of publishing a public key associated with an email address (and this method would have to be secured via certificate system so that a third party couldn't mess with it too easily).
  2. A widely used, standard way of automatically creating a private key for an email address and storing it on a remote server accessible by a standard way. Preferably this server would be part of a normal service from the email provider. This server's address would then be entered as a normal procedure on the account settings of the email client, just as incoming and outgoing email servers are entered nowadays, after which the client could handle all the hassle with keys.

Another problem is that most email clients would have to be able to handle the decryption, and most email providers would have to provide the key service, for the system to be effective. Encryption needs full support at both ends of the communication. But I don't see this as that big of an issue. If an easy and practical standard appears on some clients and servers, they could advertise "we support the secure email standard", and others would probably follow suit.

Also the user would have to be notified about whether a public key is available for the recipient. A good approach would be when adding a recipient, showing a common secure symbol, like the padlock or the blue glow used in SSL/TLS connections with web browsers.

Of course, an alternate private key server, or even just a key file, could be configured in the email client so that the more paranoid user could store his/her own keys wherever he wants. For the rest of us, the email provider could still read the emails as they store the private key - but this would still make communications very secure. After all, security is often about who we can trust.

Honestly, I really don't know why this hasn't happened yet. It's not that complicated. Get on with it already!

Ilari Kajaste

Posted 2009-09-01T12:45:33.443

Reputation: 3 282

@PeterMortensen - why did you make such minor edits to a decade old question? It pushes it to front for no reason. – lx07 – 2019-08-31T18:28:44.233

Great answer; I think you pretty much nail the reasons why it really isn't widespread now. (Years ago I was much into PGP/GPG, and really liked e.g. KMail's built-in support for it. But even I, as a CS student, had very few people with whom I could have encrypted email exchanges. Like you say, we'd need to have most people using clients that fully support it, etc.) – Jonik – 2009-09-02T10:46:12.053

Nice answer! "I really don't know why this hasn't happened yet": because most people don't give a damn about privacy. Just look at the internet, where people publish every detail of their life. – Dimitri C. – 2009-09-03T06:50:42.663

@Dimitri: Yeah, unfortunately you are probably right. But even though users don't care, I'd hope the infrastructure and development people would. The system I detailed would be pretty much transparent to the uninformed user anyway. – Ilari Kajaste – 2009-09-03T07:02:07.400

I think a lot of it is because email is nearly as old as the Internet itself and such a complicated work-around is needed to layer on-top of existing technology. If we moved to delivering messages over something like XMPP we could avoid all of this, and use something similar to SSL for the transfer itself. – salmonmoose – 2009-09-06T23:35:21.047

@salmonmoose: Yeah, email is seriously outdated, and SSL transfer through all links would be a nice addition. However, that would still allow an intermediary mail server to read the emails. By the system I described, only the ISPs at both ends would be able to do that, and even that could be averted within the same system if the recipient goes through the hassle of setting up her own private key file/server. – Ilari Kajaste – 2009-09-07T07:18:48.980

I would like to participate in a design thread on this. My idea is that there would be an email framework that would be used by email clients that would handshake the keys across. No 3rd party key servers. First email to a compatible client would start with a roundtrip public key exchange, then the payload would be encrypted and sent. Subsequent emails to same clients would not require the handshake. Someone must have thought of this? – P a u l – 2009-11-01T23:51:06.310

Paul: But wouldn't that still make it mandatory to exchange the handshake without encryption or validation, in case the two recipients have never "met"? If there's no trusted 3rd party to validate this exchange, how can the exchange itself be trusted? A man-in-the-middle, or rather a malicious email server in the middle, could be presenting themselves as the other party of that handshake, even for both parties, effectively intercepting the communication transparently. Probably couldn't hide very long, since email might take an alternate route, so it's still better than nothing... – Ilari Kajaste – 2009-11-02T11:58:29.460

7

Yes, it is practical (PGP is not arcane science), and it is recommended. And of course you are still able to send and receive unencrypted emails.

And if you're looking a free secure web-based email service, sign up with Hushmail.

However, if everybody does it, certain TLA agencies will run out of funding very soon :)

Molly7244

Posted 2009-09-01T12:45:33.443


I like the idea, however it needs a clique of people who will actually set up PGP (for example, what use is a video phone when people I call do not have the hardware? This is changing, but will secure communication get that popular as fast?). – nik – 2009-09-01T13:04:19.643

I think the idea of PGP Signatures is a bit more practical -- but, it solves just the identity problem and does not solve the privacy problem. – nik – 2009-09-01T13:05:36.273

what do you mean it doesn't solve the privacy problem? put that tinfoil hat away, there is no backdoor in PGP encryption. :) – None – 2009-09-01T13:20:22.893

Signing e-mail is not the same as encrypting it. Signing solves the identity problem (who sent it), but it doesn't keep the contents secret. – Michael Kohne – 2009-09-01T13:33:21.780

PGP keys can be used to either sign a message, encrypt a message, or both.

To sign a message to bob, alice will use her private key, and bob can verify it using Alice's public key.

To encrypt a message to bob, alice will encrypt it with bob's public key, and bob will use his private key to decrypt it.

Most pgp messages first sign the message, and then encrypt it, providing a reasonable guarantee that the message is authentic and private. – Keck – 2009-09-01T13:57:42.257

6

In my mind there's not enough people using e-mail encryption to make it usable except in special circumstances (or certain groups of people). Signing your e-mails, on the other hand, doesn't come with any compatibility problems, so that's probably useful, if you care.

The biggest problem with encryption is still initial key exchange. I don't know of anyone who's really solved that problem from a usability standpoint.

Michael Kohne

Posted 2009-09-01T12:45:33.443

Reputation: 3 808

this is a drawback indeed, you can never be 100% sure whether your key has been compromised or not unless you arrange for personal exchange where applicable. – None – 2009-09-01T14:02:26.880

You can use keyservers for key-exchange. That lets you get the key very simply. After that you should validate the identity of the other side, i.e. sending an encrypted mail and asking at the next personal meeting if that worked. – Mnementh – 2009-09-01T14:09:02.097

true enough. in terms of security there are certain methods that are close to (but NEVER equal to) the personal exchange of keys. – None – 2009-09-01T14:27:22.643

@Mnementh: If you are going to have personal meetings, you might as well just use them for key exchange. No need for a keyserver, then. Keyservers are nice, but you end up having to trust something else, somehow, in order to use them. That's where I get nervous. – Michael Kohne – 2009-09-01T16:17:26.340

Not to rehash an old turkey but...If you are going to trust a web based email client you may as well trust a web based keyserver to enable email encryption. Don't waste your time with key exchange, that problem was solved by public key encryption. Just use random session keys, symmetric ciphers, and share the nonce keys with PKE. – Cris Stringfellow – 2012-02-14T10:41:24.283
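The sign-then-encrypt flow Keck describes in the comments above, combined with the hybrid scheme Cris Stringfellow mentions here (a random session key and a symmetric cipher, with only the session key shared via public key encryption), as an added Go example that is not part of any answer or comment on this page. The party names (Alice sends, Bob receives, Mallory is an intermediary mail server), the `SealedMail` container and the choice of RSA-PSS, RSA-OAEP and AES-GCM are assumptions for illustration; PGP and S/MIME define their own packet formats and algorithm sets.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SealedMail is the wire form of one signed, encrypted message.
// Constructed for this example; PGP and S/MIME use their own formats.
type SealedMail struct {
	WrappedKey []byte // random AES-256 session key, encrypted to the recipient's RSA public key
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM output over (signature || body)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender side: sign the body with the sender's private key, protect
// signature+body with a fresh symmetric session key, and encrypt only that short
// key with the recipient's public key (the "share the key with PKE" step).
func Seal(body []byte, senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey) (*SealedMail, error) {
	digest := sha256.Sum256(body)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// A PSS signature is always exactly the modulus size, so the recipient can split it off again.
	plain := append(append([]byte{}, sig...), body...)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &SealedMail{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plain, nil)}, nil
}

// Open is the recipient side: unwrap the session key with the recipient's private
// key, decrypt, then verify the signature against the claimed sender's public key.
func Open(m *SealedMail, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, recipientPriv, m.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("not encrypted to this key: %w", err)
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, m.Nonce, m.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("ciphertext tampered or wrong key: %w", err)
	}
	sigLen := senderPub.Size()
	if len(plain) < sigLen {
		return nil, errors.New("message too short to hold a signature")
	}
	sig, body := plain[:sigLen], plain[sigLen:]
	digest := sha256.Sum256(body)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature does not match claimed sender: %w", err)
	}
	return body, nil
}

// Roundtrip seals a message from Alice to Bob and reports what Bob recovers,
// whether Mallory (a relay holding the ciphertext) can read it, and whether Bob
// would accept it if Mallory were claimed as the sender.
func Roundtrip(body string) (recovered string, malloryCanRead, malloryAcceptedAsSender bool, err error) {
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, false, err
	}
	bob, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, false, err
	}
	mallory, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, false, err
	}
	sealed, err := Seal([]byte(body), alice, &bob.PublicKey)
	if err != nil {
		return "", false, false, err
	}
	got, err := Open(sealed, bob, &alice.PublicKey)
	if err != nil {
		return "", false, false, err
	}
	_, errRead := Open(sealed, mallory, &alice.PublicKey) // relay tries its own key
	_, errSigner := Open(sealed, bob, &mallory.PublicKey) // Bob checks against the wrong sender
	return string(got), errRead == nil, errSigner == nil, nil
}

func main() {
	got, read, forged, err := Roundtrip("Meet at noon. -- Alice") // constructed sample message
	if err != nil {
		panic(err)
	}
	fmt.Printf("Bob read: %q\nrelay can read: %v\nwrong sender accepted: %v\n", got, read, forged)
}
```

Only the 32-byte session key goes through RSA, which is why the scheme scales to long messages and to many recipients (one wrapped key per recipient); the signature sits inside the encrypted part, so the relay learns neither the body nor who signed it, and a ciphertext encrypted to Bob is rejected outright by anyone else's private key before the signature is even examined.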

4

I agree with Molly above but have a lot to add. PGP (or GPG if you want something freeware) is very easy to use, and works with many standalone mail clients. That said, it won't work with email that you use in-browser (as far as I know) and both people need to have the same (or at least interworking) package installed.

This is not difficult, but convincing others to install it and use it can be hard. I know I tried a while back, and nobody would follow along.

Joshua Nurczyk

Posted 2009-09-01T12:45:33.443

Reputation: 2 316

You don't need the other side to install stuff, but you can only send encrypted mails to others who have also installed PGP/GPG. At least you can send them signed mails. But by installing PGP/GPG you lose nothing, and to others who already encrypt their mails you can now send encrypted mails too. – Mnementh – 2009-09-01T13:13:52.120

it does work to an extent. you can encrypt a message with PGP and attach it to an email to be sent via a web-based email service – None – 2009-09-01T13:23:38.177

I think I saw a Greasemonkey script which could be used to encrypt the text input field in a web e-mail application. Or was it a Firefox plugin? Go Google if you're interested. :-) – Deleted – 2009-09-01T21:23:51.217

2

In my opinion, S/MIME is, at the moment, more practical than PGP because its trust model is more clearly defined, because it's already supported by popular email clients, and because key distribution is built into the protocol.

PGP has such a loosely-defined trust model that the average user won't bother getting their key signed (or checking key fingerprints), and it becomes useless for verifying identity. The PGP concept of a "chain of trust" also starts to break down in large communities (like the world) unless there are enough individuals that spend their lives traveling from key signing party to key signing party linking together neighborhoods.

S/MIME with X.509 is more practical, because once you've proven your identity to a central organization like Thawte or CACert, your key is immediately trusted by everyone.

I like CACert right now, because it's a non-profit organization that offers keys for free, but its root is not currently distributed with most computers and web browsers. Either way, installing a root is much easier than setting up and maintaining a PGP install.

(For the super-paranoid, of course, PGP is superior because there's no central organization with the power to issue a duplicate key with your name and email address to a shady TLA.)

s4y

Posted 2009-09-01T12:45:33.443

Reputation: 3 469

2

One other thing to add to everyone else - if an endpoint is compromised, all bets are off.

For example, if you send an encrypted email using a perfect encryption scheme to a friend, but your friend uses a spyware/trojan infected computer to check his mail, there's nothing keeping your emails confidential at that point in time.

Similarly, if your own computer is compromised, every email you send and/or receive is potentially public.

Shane

Posted 2009-09-01T12:45:33.443

Reputation: 957

For email to be secure, it cannot be stored locally on the client side. – surfasb – 2011-03-20T14:47:13.363

@surfasb, sure it can be stored locally... in encrypted form – JoelFan – 2011-06-02T20:20:34.223

1

I disagree concerning the practicality simply because in order for the message to remain secure, the recipient must be using a secure email system and the transmission between email servers would also need to be secure. If you have a specific recipient and you're able to work with them to meet these challenges, then it can be done but for a wholesale transition to encrypted email, it isn't practical.

DGivens

Posted 2009-09-01T12:45:33.443

Reputation: 174

Actually, secure transmission isn't required, just initial secure key exchange. If you can exchange keys securely, AND we assume that the encryption algorithm has exploitable flaws, then it doesn't matter if the intervening networks are secure or not - only the recipient will be able to decrypt the message. – Michael Kohne – 2009-09-01T13:35:10.653

I agree with Michael Kohne. The whole point of encrypting the mail is to send it over an unsecured and probably compromised channel. Only the endpoints have to be secure. With desktop mail clients that means the computers of both communicators aren't hacked. With web-mail the webmail server and the communication to the website also have to be secure. – Mnementh – 2009-09-01T14:06:34.143

1

Another option is Voltage SecureMail. It uses Voltage IBE (Identity Based Encryption), which is considered the next generation of PKI that doesn't require certificates for the public key...just an email address.

Voltage SecureMail has Outlook plug-ins or a web interface for sending encrypted email. Messages are completely controlled by the sender and recipient. No messages are stored on servers.

Recipients don't need any special software to decrypt and read their messages. It's much easier to use than PGP or S/MIME and just as secure.

Try it at: www.voltage.com/vsn

Doug S.

Posted 2009-09-01T12:45:33.443


0

The main problem is that you've got to convince your correspondents to use the same encryption scheme. This is quite impossible, as no one wants to put effort in enhanced privacy. My guess is that email messages will always be sent unencrypted, regrettably.

Dimitri C.

Posted 2009-09-01T12:45:33.443

Reputation: 2 232