View Single Post
Old 09-13-2005, 02:16 AM   #5
Curt Sampson
Nameless Being
 
cjs@cynic.net

Yes, I'm using PGP-encrypted e-mail on a regular basis, though only for "sensitive" information.

But using encryption on e-mail is trickier than you might think.

For example, I use it on a very limited selection of e-mail not because I'm lazy, but because I have a long passphrase (as one should!) and it's inconvenient (not to mention less secure) to be typing it all the time. I could use an agent that asks for my passphrase just once and then keeps an unencrypted copy of the key in memory for use by my mail program, but that also reduces security by exposing your unencrypted key for a longer time. (A virus, trojan or intruder would have a larger window for stealing your key.) I really ought to be using a secondary, low-security key for most e-mail, one signed by my high-security key, but that introduces its own issues.

I've also trained non-technical users in the use of encryption on e-mail, and it's hard for them. Not the mechanical actions of encryption or whatever itself, but remembering the threat model and making intelligent choices about what to do when they're not sure about something. The generally terrible user interfaces don't help, either; even I, a security professional, have difficulty making sure that the Windows version of PGP software is telling me a signature is valid, rather than invalid.

If I were looking at increasing security on e-mail, I'd do an analysis of all the threat models and try to see if there are other, easier areas where I can get some security benefits before I moved on to encryption of individual e-mail messages.
  Reply With Quote