PGP: There’s Life In The Old Dog Yet.

Email is the most sensitive and private form of electronic communication. Better protect it from prying eyes. By applying strong encryption. That we can agree on. The good news: The PGP standard for email encryption has been around for what feels like forever. It is not without problems, though, as Matthew Green’s detailed analysis points out.

Now noted cryptographer Moxie Marlinspike has joined the discussion with a rather pessimistic conclusion, yearning for the days when PGP will be gone from his life.

Maybe that is going a bit too far.

Let’s not forget what we have in PGP:

  • It’s been around for a long time, so it’s cryptographically well understood. It is one of the very few crypto standards that we can reasonably assume to be practically unbreakable.
  • There are a variety of implementations and there is a small but vibrant and highly committed developer community.
  • There is a small but active and committed user community.
  • It works in a federated system such as email. Systems such as TextSecure and iMessage are centralized services for ephemeral communication that don’t work in a decentralized, per-domain architecture. This is probably unacceptable for corporate use cases where hosting your own server and data-retention laws are must-have requirements.
  • Unlike chat, email is offline, asynchronous by nature, and incredibly sticky. That brings completely different requirements for encryption, which the suggested alternatives like the TextSecure protocol don’t solve.

Now let’s look at the problems that people point to. And, yes, these are real problems and also the reason why adoption is not more widespread:

Usability. Especially the installation, where I need to integrate my email client with a PGP add-on and a crypto toolkit and where that takes me several hours with an uncertain outcome. Not for the faint of heart. Nor for corporate users without admin privileges.

Lack of mobile device support. What good is email that doesn’t show up on all my devices? The modern user typically uses more than three of them during the day.

Manual key management. Where to store my keys. How not to lose them. How to acquire keys for other people. Yes, that can be tricky and prone to error. Even Edward Snowden himself fell victim to that.

Lack of forward secrecy. If my private key is compromised tomorrow, an attacker will be able to read all of my past messages.

Outdated crypto primitives. Since the OpenPGP standard has grown over time, there are multiple cipher suites and packaging formats that a client needs to support. This makes the protocol quite complex.

Lack of meta-data security. Sender, recipient, date/time, and the subject are all transmitted in the clear.

At least some of these challenges can be addressed without reinventing the whole wheel.

We are developing a consumer-grade, mobile-first email client that has everything in one package. Easy to install, easy to use. And with no software to be installed on your PC and all traffic tunneled via HTTPS, it is also ready to go for a corporate environment.

We make the client available on all relevant platforms: desktop, Chromebook, Android, iOS, and Windows Phone.

And we offer integrated key management that makes the whole process invisible to Whiteout users while still supporting interoperability with existing PGP/GPG users. More here.

Take a look at Whiteout Mail here: https://whiteout.io/.

It also seems that we’re not alone in our commitment to PGP. The recent strong reaction from the community and the industry to the reports that key developer Werner Koch was running out of money is encouraging.

How Do We See the Future?

In order for public key discovery to become transparent and somewhat reliable, there needs to be a federated and reliable key infrastructure. Werner Koch made an interesting suggestion here to use the DNS system. That way mail providers could validate uploaded keys, which would give PGP client apps a reliable source of keys. Other projects are working on making the key distribution itself more reliable than the unauthenticated, write-only storage that HKP servers currently provide. Applications could hide public key discovery completely from users, which would allow for a UX that is similar to iMessage or TextSecure without throwing the whole SMTP/MIME transport layer overboard (which is likely to stay with us for the next 10-20 years).

And while we do agree that there needs to be a standard for email encryption that goes beyond PGP, we believe it will be quite a while before we will have a robust alternative. Early efforts such as Dark Mail, TextSecure and others may be important contributions, but it still feels like early days.

In fact, when we consider the key requirements for email, among them decentralized deployment and administration and the ability to store old conversations and to access them from any device, the new standard may just turn out to be very similar to SMTP and PGP.