[Cryptography] Size of the PGP userbase?

[Christian Huitema]

> Takeup of PGP and S/MIME seems to be very much like takeup for IPSEC.
There are some big 
> intranet deployments and possibly a few extranet deployments.
> 
> What is the gap we have to close to turn this on by default?

There is probably more than one gap. In fact, I see five fairly big issues:
getting your own certificate, getting the right software in your mail
client, getting the certificates of your peers, managing multiple computers,
and working with web applications.

With PGP, getting a certificate translates to installing the PGP capable
software. Last time I tried it involved downloading GPG. With S-MIME, it
involves finding the well hidden security menu in Outlook, which then points
to series of certificate providers. Then, finding a provider you like,
paying the required fee, and again finding the right menu to have the
software installed in Outlook. In short, in both cases it requires jumping
through hoops.

Outlook has S-MIME built in, but if you want to use PGP you have to use a
plug-in. That means finding an adequate plug-in, paying for it, downloading
it, and making sure that it is kept up to date. 

With PGP, the list of peer's keys is managed in the local key ring. There
are good reasons for that, but it is a different management than the address
book. That means using different procedures to find keys, import them, etc.
I have no idea how to do that for S-MIME.

Mostly, I use Outlook. But I use Outlook on 3 different computers and on a
smartphone. If someone sends me encrypted e-mail, I currently decrypt it on
exactly one of these computers, mostly because I did not bother install the
PGP plug-in on the other ones. Even if I did, I would have to copy my
private to each of those. 

Then there is the little problem of mail clients. How exactly can I use one
of these without providing my private key to the service?

Some of that could be fixed rather easily. For example, it would not take
too much effort to have an S-MIME option to use self-signed certificates, or
an option to add the peers certificates to the address book entry. It would
require somehow securing the address book, but that's necessary anyhow --
why bother spoofing the key if you can spoof another field, e.g. a subtle
typo in the e-mail address? 

Replicating the certificate to multiple email clients probably requires some
secure storage on a server, but that can certainly be done. It will require
work, and integration with the mail client.

The web part is the hardest. I could see something like the javascript
crypto API loading the private key from a secure server, and providing a
service to the mail clients, but the details can be very hard to get right.

-- Christian Huitema