Rakkhi posted a great Lessons Learned on implementing email encryption:
The post got me thinking because I struggle with getting subcontractors to adopt encryption. I refuse to send sensitive or even somewhat sensitive data over unencrypted links, but I find that small (and even midsize) companies do not have the resources to implement it. In a bind I have trained them on installing GnuPG and doing trusted key exchanges, but the same pitfalls keep occurring.
I am going to build off Rakkhi's list, but here are my reasons for calling it: PGP/GPG is dead.
- Client App PGP Encryption – Anything not Outlook 2007 on Windows, Apple Mail 10.5, or Thunderbird on Windows…sucks. The moment a user has to open a separate program to encrypt their mail it is an utter fail. A button on the toolbar is the only way this will actually happen. The only halfway acceptable implementation of this is Enigmail on Thunderbird, since it is seamless: click a button and enter your passphrase.
- Mobile PGP Encryption – Rakkhi narrowed it down to Blackberry support sucking, but name for me one platform that has a clean implementation of mobile email encryption using PGP. The problem is that the app stores have cut out the option to do low-level kernel implementations or rewrites. I have seen implementations that have the user type into a notepad, have PGP encrypt that text file, and then attach it to an email. I got tired just typing that; I can't imagine doing it on a mobile phone. Oh, and it requires cut-and-paste, so sorry Windows Phone 7 :)
- Key Exchange – There is no WoT (Web of Trust) in PGP like we have in the certificate world. I won't name names, but in the implementations I have done it ends up being 2 admins calling each other up and reading off the last few strings of the key. "Yep, that's me." If you are doing it right then good for you, but I imagine there are a lot of enterprises running their entire email encryption framework on something that started with 2 dudes calling each other on unclassified links.
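To make concrete what those "last few strings" are, here is an added example (not from Rakkhi's post or this one) that computes a version 4 OpenPGP key fingerprint the way RFC 4880 defines it, derives the 64-bit key ID and 32-bit short key ID from its tail, and checks a fingerprint read out over the phone against the full value rather than just the tail. The key packet is a constructed dummy (not a real key), and the function names are mine.

```python
import hashlib
import struct

# Constructed dummy RSA modulus and exponent; NOT a real key, just bytes to fingerprint.
CONSTRUCTED_N = (1 << 1023) + 12345
CONSTRUCTED_E = 65537
CONSTRUCTED_CREATED = 1234567890  # key creation time (seconds since epoch)
ALGO_RSA = 1                      # OpenPGP public-key algorithm ID for RSA


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def v4_public_key_body(created: int, algo: int, mpis: list) -> bytes:
    """Body of a version 4 public key packet: version, creation time, algorithm, MPIs."""
    return bytes([4]) + struct.pack(">I", created) + bytes([algo]) + b"".join(mpi(m) for m in mpis)


def v4_fingerprint(body: bytes) -> bytes:
    """RFC 4880 12.2: SHA-1 over 0x99, a 2-byte body length, and the packet body (20 bytes)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def key_id(fp: bytes) -> bytes:
    """The 64-bit key ID is the low-order 8 bytes of the fingerprint."""
    return fp[-8:]


def short_key_id(fp: bytes) -> bytes:
    """The 32-bit 'short' key ID (the last 8 hex digits people read out) is the low 4 bytes."""
    return fp[-4:]


def pretty(fp: bytes) -> str:
    """Render a fingerprint in the familiar groups-of-four hex format."""
    h = fp.hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, len(h), 4))


def spoken_matches(spoken: str, local_fp: bytes) -> bool:
    """Accept a fingerprint read over the phone only if ALL 40 hex digits match ours."""
    digits = spoken.replace(" ", "").upper()
    return len(digits) == 40 and bytes.fromhex(digits) == local_fp


if __name__ == "__main__":
    fp = v4_fingerprint(v4_public_key_body(CONSTRUCTED_CREATED, ALGO_RSA, [CONSTRUCTED_N, CONSTRUCTED_E]))
    print("fingerprint:", pretty(fp))
    print("key ID:", key_id(fp).hex().upper(), "short ID:", short_key_id(fp).hex().upper())
```

Two keys can share the short ID while their full fingerprints differ, so the out-of-band call should read the whole fingerprint, not only the tail.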
I could write a whole post on recommendations for fixing all this, but I just can't see doing it. Move to S/MIME encryption with certificates. If your business has fewer than 500 users then just hook up with one of the trusted roots and have them issue each user a cert, or if you want to get fancy then get your own root. Either way, all of the above problems go away with certificates. So this doesn't come off as "I hate PGP", I will end with some good things (mom always said end on a good note):
- Whole Disk Encryption – PGP simply has the cleanest and easiest WDE for Windows/Mac/Linux. On my MacBook I can have an encrypted Time Machine external drive and it works great. My backup is secure in every form from the machine to the backup drive…a very nice product.
- File Signatures – Signing files with certificates sucks. PGP is so much easier, and we use it extensively for our Linux development.
- Development Tools – On the Linux side of the house the tools for developing around PGP/GPG keys are extensive and well implemented.
I started this post with the title of PGP is Dead, but I will end with PGP Email Encryption is Dead. There is some residual good stuff that comes with the technology.