Comments on: More on Email Encryption

By: Jim

Jim — Fri, 17 Nov 2006 13:55:08 +0000

Good pair of articles. I use encryption for many mails, but only to a few other people keen enough to go through the hassle you describe. For me the biggest issue is Outlook. I was using Thunderbird for ages, and its Enigmail plugin as, as you say, very easy to use (although generating the key pair in the first place isn’t something I’d ask my grandmother to try). But Outlook’s PGP support is, surprisingly, sparse. Previously I’d used gpg4win, but at time of writing it has been impossible to get a clean download of the any of the available versions. I ended up using a commercial tool (PGP Desktop) for the first time (although I did manage to get it to accept my existing keys which I’d generated using Puttygen.)

By: Dan Eno

Dan Eno — Mon, 22 May 2006 20:19:25 +0000

I’ve been using MessageLock, which uses zip file encryption to protect email. Its the easiest thing I’ve found to send those “one off” secure emails, or to regularly secure a few addresses. Cheap and easy, something PGP is not.

By: Steve

Steve — Thu, 04 May 2006 17:46:21 +0000

Isaac,

You are right. It is cumbersome. PGP using free tools is pretty involved using anything but Thunderbird and Enigmail in my experience, and even s/mime using Outlook changes the user experience.

The real problem is that someone else reading your mail is an invisible threat. It’s harmless in terms of direct consequences for most people – unless perhaps you’re sending child porn or something – so they don’t think it’s “necessary”.

I believe that it can be made to be simple, but it’s going to take buy in.

In any case, the evidence of non-use is clear – the two companies I’ve contacted about setting up PKI, Thawte.com and Verisign.com don’t seem very responsive.

SSL certs seem to get much more attention.

However, one company I work with has requested that all comms with them be encrypted. I’ve requested it of others. We’ll see how it goes.

By: Isaac Garcia

Isaac Garcia — Thu, 04 May 2006 17:35:12 +0000

Great collection of writings on Secure Email. I’ve recently been taken to task by many people claiming that I falsely represented the complexity of using secure email. The fact of the matter is that it IS cumbersome and complicated for the “average business user” to use Secure Email protocols.

I’m not an email or encryption expert, but I can speak from experience that I am an advanced technology user (power user by any comparison) and I’ve never run into anyone else using digital signatures in email, etc (even in the Enterprise companies I’ve worked at in the past).

Let me be clear….so that I don’t get flamed on this blog as well……I’m not stating that Secure Email is ‘stupid’ or that it doesn’t exist…I’m simply stating a very real fact that very few people use it (outside of government agencies, enterprise companies and Closed Notes/Domino Environments).

The very fact that it took you several posts to describe the ins and outs of your secure email experience is testimony enough that its NOT for the “average business person” yet.

Its sad and unfortunate, but true.

By: A Visit To Lornitropia » Encryption: OpenPGP vs Digital ID

A Visit To Lornitropia » Encryption: OpenPGP vs Digital ID — Thu, 04 May 2006 16:30:32 +0000

[...] Note: Since writing the article below I’ve found that many things I wrote were incorrect. I have corrected them here. [...]