Securing e-mail can drive you mad

David Strom Special to The Daily Yomiuri

The state of secure Internet e-mail standards and products is best described as an open chest wound. This is because there are no technologies that are multivendor, interoperable, and approved or endorsed by the Internet standardization bodies.

That is the sad state of reality today. Recently, I have been working with several of the latest products, and, after testing them, I felt like I had to go home and take a long, hot shower to cleanse myself of an imagined putrid odor. Why are things so grim? Several reasons.

First, the so-called standards are in a state of flux. There are two different sets: one called Secure MIME (S/MIME) and another based around a product called Pretty Good Privacy (PGP). Actually, they are not standards in the typical Internet context, because neither set has yet been properly endorsed by the requisite international standards bodies.

You know that things on the Internet have changed when you go to the S/MIME Central Web site and find banner advertisements there.

Second, the products suck, to put it mildly. I had trouble up and down the secure product food chain. I started by trying to obtain a certificate for my e-mail software and ended up trying to exchange encrypted messages between different products. Certificates are used by all products to authenticate your identity to your correspondents and to encrypt and decrypt your messages.

To make encryption work, you need to be able to trust each other's certificates and determine whether they are valid.

Of course, there are different mechanisms for establishing this trust relationship. One way is to use an independent certificate authority such as Verisign or Thawte.

The latest browsers from Netscape and Microsoft come with special routines that will take you to these and other Web sites and allow you to get a certificate, either for free or for a small fee. Once you have certificates, they will verify your identity.

But getting your certificates in order is just the beginning. To make encrypted e-mail work, you have to go through a rather complicated multiple-step process:

* Choose which of the two competing technologies (and specific e-mail software) you wish to use for your encrypted correspondence.

* Choose whether you want to just sign your messages digitally, encrypt their entire contents or both.

* Choose either an enterprise certificate authority and set up the appropriate server software, or obtain a certificate from a public authority.

* Enroll with the certificate authority and obtain an encryption certificate or key for a particular machine and a single e-mail address.

* Exchange keys with your correspondents, and manage where these keys are stored on your machine.

* Encrypt and decrypt messages.

I had all sorts of trouble getting two different products to recognize each other's encryption methods, directory entries, and other things that are supposedly "standard."

This brings me to the next issue: Setting up the initial software is excruciating. In one case, I could not get the certificate to work properly from within my browser, even though the software said it worked successfully and my credit card was charged with the requisite 9.95 dollars!

To add insult to injury, Verisign will continue to charge me 9.95 dollars per year, unless I can get this certificate canceled or working. So far, I haven't been successful in getting the certificate revoked, despite repeated calls and e-mails to the company. That is not good.

Third, cryptographic algorithms have gradually evolved over time, as computers have got better at cracking them. The U.S. government has muddied the waters by placing restrictions on what kinds of algorithms can be exported outside the United States.

As a result, products have to offer different versions: one for domestic and one for non-U.S. use.

In addition, government agencies disagree over how to encrypt messages. This has created all kinds of confusion, and trying to keep track of which version you can use legally is a chore for user and vendor alike.

Fourth, encrypted messages that pass through e-mail gateways may get mangled. If the gateway does not understand the encoding and tries to convert it into something else, it can inadvertently corrupt the message, making it indecipherable to the recipient.

To make matters worse, today's messages contain not just text, but graphics, HTML markup tags, and video, further complicating the encoding and decoding processes.
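The set-up steps listed earlier and the gateway problem just described, walked through with the openssl(1) S/MIME tooling. This is an added example rather than anything from the column; it assumes openssl is installed, and the CA, the users alice and bob, their addresses and the message are all constructed for the demo.

```shell
#!/bin/sh
# Added example (not the column's code): its set-up steps and the gateway problem,
# run with openssl(1) S/MIME tooling. Assumes openssl is on PATH; names, addresses
# and the message are constructed. Everything is written to a scratch directory.
set -e
cd "$(mktemp -d)"
printf 'Meet me at 10 under the clock.\n' > msg.txt
# Steps 3 and 4: an enterprise-style CA issues each user one certificate bound to one e-mail address.
smime_setup() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
      -keyout ca.key -out ca.crt 2>/dev/null
  serial=1000
  for who in alice bob; do
    serial=$((serial + 1))
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$who/emailAddress=$who@example.test" \
        -keyout "$who.key" -out "$who.csr" 2>/dev/null
    openssl x509 -req -in "$who.csr" -CA ca.crt -CAkey ca.key -set_serial "$serial" \
        -days 30 -out "$who.crt" 2>/dev/null
  done
}

# Steps 2, 5 and 6, sending side: Alice signs with her own key, then encrypts the
# signed message to bob.crt, which she holds after exchanging keys with Bob.
smime_send() {    # $1 = plaintext file; writes wire.msg
  openssl smime -sign -text -in "$1" -signer alice.crt -inkey alice.key -out signed.msg
  openssl smime -encrypt -aes256 -in signed.msg -out wire.msg bob.crt
}

# Receiving side: Bob decrypts with his key, then checks Alice's signature and her
# certificate chain against the CA he trusts. Prints the recovered text; a
# non-zero status means the signature or the certificate did not check out.
smime_receive() { # $1 = message file
  openssl smime -decrypt -in "$1" -recip bob.crt -inkey bob.key -out inner.msg
  openssl smime -verify -text -in inner.msg -CAfile ca.crt -out plain.txt 2>/dev/null
  tr -d '\r' < plain.txt
}

# Gateway mangling: a gateway that rewrites a clear-signed message (here it tacks a
# disclaimer onto the text part) breaks the signature even though the words are
# still readable. Returns openssl's verify status.
smime_gateway_check() { # $1 = plaintext file
  openssl smime -sign -text -in "$1" -signer alice.crt -inkey alice.key -out clear.msg
  sed 's/under the clock\./& [Disclaimer added by gateway]/' clear.msg > mangled.msg
  openssl smime -verify -text -in mangled.msg -CAfile ca.crt -out /dev/null 2>/dev/null
}
smime_setup
smime_send msg.txt
smime_receive wire.msg
smime_gateway_check msg.txt || echo "gateway-altered copy: verification failed"
```

Converting line endings alone would not trip the check, because S/MIME canonicalises text to CRLF before hashing; it is the altered words that do.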

Pretty grim, don't you think? How does that long, hot shower sound now?

(David Strom is the president of his own consulting firm and is writing a book on e-mail for Prentice Hall. He is a frequent contributor to many U.S.-based computer trade publications, and publishes Web Informant, a regular series of essays about Web technologies and products, available at http://www.strom.com.)

Daily Yomiuri On-Line