[Cryptography] Size of the PGP userbase?

Joe St Sauver joe at oregon.uoregon.edu
Thu Dec 12 20:53:24 EST 2013 

Christian commented:

#There is probably more than one gap. In fact, I see five fairly big issues:
#getting your own certificate, 

For technical users, one-off, if you aren't concerned about higher LOAs,
this is very doable (e.g., see the free Comodo client certs available at
http://www.comodo.com/home/email-security/free-email-certificate.php )

#getting the right software in your mail client, 

Most POP/IMAP email clients (e.g., Thunderbird, etc.) come with integrated
support for S/MIME

#getting the certificates of your peers, 

In the traditional S/MIME model, those certs are automatically bootstrapped
when you receive an S/MIME-signed email message.

#managing multiple computers,

It is admittedly a pain to export and reimport the same cert to multiple
hosts (or even multiple trust stores on the same host); I think there's a 
lot to be said for USB-format PKI hard tokens or smart cards for that sort
of scenario (it also handles the case where multiple people share a single
system, as they might in a computer lab)

#and working with web applications.

Are you thinking of web email, or something else? If you're thinking of
web email, Penango does an amazing job of integrating with Gmail, for
example.

All that said, I do think that there ARE some real operational issues
when it comes to using client certs:

-- Issuing and installing certs on an automated basis/*at scale* (e.g.,
   you don't want 10,000 students all going to the get-a-free-Comodo-
   cert page during student orientation to provision a cert!)

-- Managing non-enterprise environments where the same cert isn't used 
   both for signing and encryption (hypothetically, imagine a situation 
   where you have an escrowed personal cert for encryption, and a 
   non-escrowed cert for non-repudiable signatures -- this breaks the 
   normal S/MIME send-a-signed-message-to-get-the-key-you-need-to-encrypt
   model)

#With PGP, getting a certificate translates to installing the PGP capable
#software. Last time I tried it involved downloading GPG. With S-MIME, it
#involves finding the well hidden security menu in Outlook, which then points
#to series of certificate providers. Then, finding a provider you like,
#paying the required fee, and again finding the right menu to have the
#software installed in Outlook. In short, in both cases it requires jumping
#through hoops.

Getting a personal cert for onesie-twosie users is currently free and doable
if the user is technically inclined. See "Client Certs and S/MIME Signing
and Encryption," http://pages.uoregon.edu/joe/maawg24/maawg24.pdf at slide 
35.

#Outlook has S-MIME built in

Correct.

#With PGP, the list of peer's keys is managed in the local key ring. There
#are good reasons for that, but it is a different management than the address
#book. That means using different procedures to find keys, import them, etc.
#I have no idea how to do that for S-MIME.

In the traditional S/MIME model, you get the public key you need to encrypt
outbound traffic when you receive a signed email messasge inbound.

In an enterprise S/MIME model, the required cert might also be available
from an enterprise directory.

#Mostly, I use Outlook. But I use Outlook on 3 different computers and on a
#smartphone. If someone sends me encrypted e-mail, I currently decrypt it on
#exactly one of these computers, mostly because I did not bother install the
#PGP plug-in on the other ones. Even if I did, I would have to copy my
#private to each of those. 

The S/MIME solution to using four different devices is to export the client
cert and private key from the original device, and then re-install it on
the other three devices (or you can use a USB format hard token or smart
card, although use of a hard token or smart card with mobile devices can
be difficult/expensive (e.g., you may need to use a "sled"))

#Then there is the little problem of mail clients. How exactly can I use one
#of these without providing my private key to the service?

In the S/MIME case, the private key resides on your laptop or other local
device (or the hard token or smart card).

#Replicating the certificate to multiple email clients probably requires some
#secure storage on a server, but that can certainly be done. It will require
#work, and integration with the mail client.

You can see the normal process for exporting a client cert from Firefox and
importing it to Thunderbird (for example) beginning at slide 42 in the 
previously mentioned slide deck.

#The web part is the hardest. I could see something like the javascript
#crypto API loading the private key from a secure server, and providing a
#service to the mail clients, but the details can be very hard to get right.

Check out Penango (free for free Gmail accounts). It's pretty impressive 
to see how it manages to interoperate with Gmail.

Regards,

Joe

More information about the cryptography mailing list