I have a number of thoughts in mind, which will likely turn into posts, and they are all leading up to a bigger unified thought. This is one of them.
PGP / GPG email encryption is a good thing. It’s a pretty secure system, and the public registries of public keys makes it easy to communicate securely with someone new, with a reasonable amount of trust. One major issue, which I think most people identify as the biggest issue with PGP, is that the popular mail programs don’t support it out of the box, or don’t support it well.
It would be great if every major e-mail program (Outlook, Mail.app, GMail, YahooMail, MSN Mail, etc..) all had built-in support for PGP, and could auto-create public/private key pairs, and upload the public key to the key-server automatically, etc…
And any time you were sending e-mail to someone who had a public key in the key-server, it would ask if you wanted to encrypt it. I also like the idea of auto-signing even non-encrypted mails, and you could then use the signature to validate that sender listed in the from or reply-to headers, actually sent the e-mail. If they don’t, you know it’s very likely to be spam (more on spam later…).
Implementing this using the OpenPGP RFC as a standard really wouldn’t be that hard. There are open source implementations in use today. And tons of available libraries to handle all the heavy lifting. I honestly don’t know what’s holding companies back from this. It would be very easy to do right, and aside from the privacy gains, the usefulness in other areas, like fighting spam, and being able to have some legal trust weight to verifiably signed e-mails, seems like a win-win situation. I’m going to leave my tin-foil hat off for now, and attribute the lack of this being in place to short-sighted non-standards embracing companies, and not governmental pressure.
However, the other MAJOR issue I see with PGP is this: key-pairs are associated with e-mail addresses. There is ideally a one-to-one relationship between e-mail address and PGP key-pairs. In practice this doesn’t work out all the time. I have, over time, had three different key-pairs linked with my primary e-mail address. I’d set one up, then over time stop using it, get a new computer, lose the old private key, and then have to create a new key-pair. So over time it became a one-to-many relationship, which as you can imagine, poses issues. This is just a side effect of the real issue. A PGP key-pair is meant to represent an individual entity (person or virtual person (such as a corporate e-mail address)). Signing something with my private key means that I signed it, not someone else. Message encrypted to my public key, should only be readable by ME the entity. So here is the issue.
People do not have a one-to-one relationship with e-mail addresses.
Currently I, the entity, have about 10 different e-mail addresses. In the past, I have had perhaps 10 other e-mail address, which I no longer control. This means that in order to be able to read all my current and archived mail, I would need to keep 20 private keys, forever.
Going the other way, many families share an ISP e-mail address. Obviously this is becoming less prevalent with the introduction of effective free solutions for e-mail, like GMail, however, it is still, and will continue to be an issue.
The relationship between entities and e-mail address is many-to many. This means that the relationship between entities and pgp key-pairs is many-to-many as well. This is a fundamental flaw in the implementation of PGP as a privacy and signing mechanism.
Tune back to learn how I think we should fix this….
Leave a Reply