Secure mail: Whom do you trust?
More people are using e-mail to send mission-critical information such as contracts and corporate reports. Yet secure e-mail has not yet taken off among users. Why?
The lack of security can't be blamed on technology. S/MIME, a way to secure your messages, is built into many popular mail clients such as Outlook and Netscape, but rarely is it employed. Although there are several reasons for this, trust ranks the highest.
Here's the problem. To send a private message to others, you need to know their public key. This lets you encrypt the message. You get their public encrypting key from their third-party certificate, which in essence says "the person at someone@example.com has the public key whose value is a34d9ca." However, somebody might substitute his own public key into the certificate, and you would end up writing "private" messages that he could read (and the intended recipient could not). This is clearly a violation of trust.
A similar scenario is used when creating digital signatures. In this case, you use your own private key to sign, and the recipient checks this against your public key. You have to hope that no one has forged a certificate with their own public key and your name. Otherwise, they'll be able to sign something such as an electronic check. Again, the trust is broken.
The value of digital certificates is that they certify the linkage between the name (in this case, it's the e-mail address) and the public key. A certificate is digitally signed by someone else who you trust, or it is signed by someone who is trusted by someone you trust, or it is signed by someone who is trusted by someone who is trusted by someone you trust. You can likely see the problem by now.
When you start using public key cryptography, you have to buy into a public key infrastructure, commonly known as PKI. You must say that you trust someone to create certificates that you can use to encrypt mail. Similarly, if you are using S/MIME to create digital signatures, the recipient of your messages has to trust the same person you did so that he is sure your certificate is valid. Technically, this is easy. But in practice, it is very difficult because we don't know whom to trust.
Well, that's not completely true. If we have been told by our bosses or by the government "you must trust X", we'll trust X. But in the world of e-mail, there isn't anyone who has proven to be perfectly trustworthy, certainly not with our company secrets and our signatures. Even the big public certificate authorities like VeriSign and Thawte are chosen by default, not because the general public or corporations have an inherent trust in them. A good way to test your trust of such companies is to ask: Would I trust anyone they trust to sign a certificate, or only trust them? If you picked the latter, you can see the problems of a multilevel PKI hierarchy.
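The key substitution described earlier, the chain of signers behind a certificate, and the question of whom you pick as a trust anchor can all be made concrete with a small certificate validator. The code below is an added illustration, not code from this column or from any S/MIME or PGP product. It uses textbook RSA with tiny constructed primes (fine for showing the mechanism, useless for real security), and the names "Root CA", "Mail CA", "Rogue CA", alice@example.com and the hypothetical attacker Mallory are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from math import gcd

# --- Toy textbook RSA (constructed; key sizes are far too small for real use) ---
def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) from two primes. Real keys use ~2048-bit moduli."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return (n, e), (n, pow(e, -1, phi))

def digest_mod(data, n):
    """Hash the data and reduce it below the modulus so it can be signed."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(digest_mod(data, n), d, n)

def verify(public, data, sig):
    n, e = public
    return pow(sig, e, n) == digest_mod(data, n)

# --- A certificate: "the person at <subject> has public key <pubkey>", says <issuer> ---
@dataclass(frozen=True)
class Cert:
    subject: str      # e-mail address (or CA name) the certificate vouches for
    issuer: str       # name of whoever signed it
    pubkey: tuple     # (n, e) belonging to the subject
    sig: int          # issuer's signature over to_be_signed()

    def to_be_signed(self):
        return f"{self.subject}|{self.issuer}|{self.pubkey[0]}|{self.pubkey[1]}".encode()

def issue(subject, subject_pub, issuer_name, issuer_priv):
    body = Cert(subject, issuer_name, subject_pub, 0).to_be_signed()
    return Cert(subject, issuer_name, subject_pub, sign(issuer_priv, body))

def validate_chain(chain, anchors):
    """chain[0] is the end-entity certificate, chain[-1] must be a trust anchor.
    Every link is checked: names must connect and each signature must verify
    under the next certificate's key. Returns (ok, reason)."""
    for cert, issuer_cert in zip(chain, chain[1:]):
        if cert.issuer != issuer_cert.subject:
            return False, f"issuer name mismatch at {cert.subject}"
        if not verify(issuer_cert.pubkey, cert.to_be_signed(), cert.sig):
            return False, f"bad signature on certificate for {cert.subject}"
    root = chain[-1]
    if not verify(root.pubkey, root.to_be_signed(), root.sig):
        return False, "root is not validly self-signed"
    if (root.subject, root.pubkey) not in anchors:
        return False, f"root '{root.subject}' is not a trust anchor"
    return True, "ok"

def key_for(email, chain, anchors):
    """What a mail client should do before encrypting to (or verifying) an address:
    hand back the key only if a chain proves the email -> key binding up to an anchor."""
    ok, _ = validate_chain(chain, anchors)
    return chain[0].pubkey if ok and chain[0].subject == email else None

def check_signed_mail(message, sig, chain, anchors, claimed_sender):
    """Receiving side: a valid signature under an unvalidated key proves nothing."""
    key = key_for(claimed_sender, chain, anchors)
    return key is not None and verify(key, message, sig)

# --- Constructed scenario ---
root_pub, root_priv = make_keypair(1000000007, 998244353)
ca_pub, ca_priv = make_keypair(1000000009, 2147483647)
alice_pub, alice_priv = make_keypair(999999937, 1000000021)
mallory_pub, mallory_priv = make_keypair(1000000033, 1000000087)

root_cert = issue("Root CA", root_pub, "Root CA", root_priv)        # self-signed anchor
ca_cert = issue("Mail CA", ca_pub, "Root CA", root_priv)            # intermediate
alice_cert = issue("alice@example.com", alice_pub, "Mail CA", ca_priv)
ANCHORS = {("Root CA", root_pub)}                                    # the "X" you chose to trust

# Substitution: Mallory's key under Alice's name, vouched for by Mallory's own "CA".
rogue_root = issue("Rogue CA", mallory_pub, "Rogue CA", mallory_priv)
forged = issue("alice@example.com", mallory_pub, "Rogue CA", mallory_priv)
# Tampering: the key inside Alice's genuine certificate is swapped; the signature no longer matches.
tampered = Cert(alice_cert.subject, alice_cert.issuer, mallory_pub, alice_cert.sig)

if __name__ == "__main__":
    print(validate_chain([alice_cert, ca_cert, root_cert], ANCHORS))
    print(validate_chain([forged, rogue_root], ANCHORS))
    print(validate_chain([tampered, ca_cert, root_cert], ANCHORS))
    # Adding "Rogue CA" as an anchor makes the forged chain valid: trust is exactly the anchor set.
    print(validate_chain([forged, rogue_root], ANCHORS | {("Rogue CA", mallory_pub)}))
```

The last line of the main block is the column's point in miniature: the validator never decides whom to trust, it only checks that the chain ends at someone you already said you trust. Every certificate authority you (or your mail client's defaults) add to that anchor set can vouch for any address, which is why the question "would I trust anyone they trust?" matters more than the mathematics.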
Without a good PKI, you can't have ubiquitous secure email. You can get security within your company (and many companies are using S/MIME today for intracompany mail), but you can't go outside your circle of trust.
The PGP world has tried to break this logjam with their "web of trust" PKI model, but the amount of PGP mail you see today is nearly as tiny as the amount of S/MIME mail. PGP has dedicated supporters but no significant share of the software market. S/MIME has market share but is not widely implemented.
Incidentally, the web of trust PKI can work just as well with S/MIME as it does with PGP, but S/MIME manufacturers haven't bought into it, and probably won't. It's much easier to describe a well-controlled hierarchy such as the one common to all S/MIME implementations.
However, because there seems to be a wall preventing rapid S/MIME adoption, some manufacturers are starting to look at alternative PKIs.
Unless something happens in the PKI world to build up trust, it's not likely that we'll see widely deployed secure mail any time soon.
RELATED LINKS
Details of S/MIME and PGP from the IMC.
Buzz roundtable: PKI and security (Network World, 09/27/99)
Don't wait until PKI has grown up to put it to use (Network World, 10/25/99)
DOD, Netscape ready PKI rollout (FCW, 7/19/99)
Is VPN the killer app for PKI? (Network World Fusion Focus on Security, 9/20/99)
PKI: The good, the bad and the ugly (Network World, 06/07/99)
