[joshuak]

My company's internal mail goes through gmail so I decided after recent news to setup GPGmail and s/mime.

I identified a couple of usability issues, which where fixed. I'd say all in all its very good.

Regardless if you believe or care about the NSA issues, simply the idea of routing clear text email through mail exchanges, and advertisers should give you enough reason to follow the few steps it requires to generate a key, and start encrypting and/or signing email. Except for post cards we don't do this with our regular mail, so why are you ok with it with you email (and your email is far more machine readable).

GPGMail is not quite Grandmother ready, and unlike s/mime it doesn't really have an incremental value[1], but it is far more secure, and very easy to use once setup. Plus the other tools in the toolkit are useful for general encryption.

s/mime is another option, here are some pros and cons:

s/mime pros

  integrated with many mail apps
  usually plays nice with mailing lists (adding a footer doesn't invalidate a sig)
  works on iOS devices (perhaps others?)
  has an incremental value even before all your contacts are using it[1]

s/mime cons

  based on a certificate authority model
  cost money depending on the cert you get
  requires a 3rd 'trusted' party
  does not seem to be secure in some respects:
    (web cert generation, no rules regarding sigh/encrypt/sign[2],
    does not make use of a certificate request so anyone who has
    even momentary access to your email can generate a cert to
    masquerade as you)
  your identity is associate with your email address not you
    (you will need certs for each email address)

--

GPGmail/tools pros

  Based on web of trust instead of CA (web of trust is not required)
  You can revoke your key if it is compromised
  Based on you not your email, so you can use the same sig with any email address
  You can even associate your picture with your key
  Optional Anonymity
  Strong cryptography
  Use the same keys for non email encryption
  Free

GPGmail/tools cons

  Less widely integrated.
  Does not work on devices yet.
  May break email lists (adding footers may change the sig, I haven't tested though)
  Can't help much until your have other people to use it with.

[1] With s/mime you can sign email documents even if your friends don't have s/mime that can still see your signature is validate.

[2] See the answer by Adam Liss (not the accepted answer) for the security issues http://stackoverflow.com/questions/13512026/how-to-check-if-...

[Edit: formatting]

[claudius]

Just two nitpicks: You can sign email with GPG even if others aren’t using it (of course it will be of little value to them until they, possibly at a later date, verified your key), and it is supported on Android by K-9, I believe.

[ohazi]

Relevant xkcd: http://xkcd.com/1181/

[mike-cardwell]

Worth noting here that K-9 for Android does not support the more modern and useful PGP/MIME. It only supports inline PGP. They've been promising it for years, but I'm not expecting to ever see it.

Hopefully somebody makes a good go at getting PGP onto Firefox OS so I can ditch Android.

[joshuak]

Yes you can, but my point was that this is of no utility with GPG. Whereas with s/mime anyone can confirm that your email was signed (with many email clients), so there is value to using s/mime prior to all your contacts also using it.

[claudius]

> anyone can confirm that your email was signed (with many email clients), so there is value to using s/mime prior to all your contacts also using it.

Provided that they trust the people handing out these certificates – with PGP, they need a chain of trust to your key to verify that it is you, with S/MIME, they have to trust random third parties. Or do I miss something and you mean something else that is possible with S/MIME but not PGP?

[joshuak]

Right now if I send my Grandmother a signed email with s/mime she will see a little notice in her email client that says the message is signed and valid. If I send her an email with a PGP signature it will not.

This is because just like her browser the CA is trusted by her OS.

[Osmium]

Any recommended CAs for S/MIME for personal users? And is it possibly to transparently use both, e.g. sign all outgoing mail with S/MIME by default, but also encrypt with, say, GPG if you happen to have that contact's public key?

[joshuak]

GPGMail is nicely integrated into Mail.app. It plays well with s/mime, so you can have both installed, and use either one that is appropriate.

For easy steps on how to do this see here:

http://arstechnica.com/apple/2011/10/secure-your-e-mail-unde....

You can get a free cert from COMODO:

http://www.comodo.com/home/email-security/free-email-certifi....

[induscreep]

I use StartCom https://cert.startcom.org/

[mseebach]

No. You absolutely must confirm the key of people you correspond with. An internal CA in your organisation could achieve this, but the "trust a random list of CAs" model of security is fragile, and must be considered compromised in the face of an adversary like the NSA (or any government in a country where a CA on your trusted list is located).

[joshuak]

Well either you trust the CA system or you don't. If you do then receiving a s/mime signature, that your OS thinks is valid because of the root certificates that it accepts, then you can trust it "transparently".

If you don't trust the CA system, well then the web is a very scary place for you because it's all built on that and email is probably the least of your concerns.

The CAs are generally not "a random list", but rather a publicly accepted and accredited CA. Just like your https cert.

[andrewflnr]

No. Degrees of trust are allowed, and you can choose to do different things in different contexts (browsing vs email) depending on the likelihood and likely damage of betrayal.

[indeyets]

That's exactly the reason, why "DANE" approach is developed now, to replace CAs use for HTTPS

https://tools.ietf.org/wg/dane/ http://www.internetsociety.org/articles/dane-taking-tls-auth...

[napoleond]

GPGMail is not quite Grandmother ready

My little company is working on an encrypted email solution that is--http://parley.co will be entering pre-beta next week :)

[e12e]

Since you seem to server your site (parley.co) over https, you might want to accept signups over https as well -- it's a little disconcerting to get a warning message of information being posted in the clear from a page that is all about making it easier to communicate securely online:

    <form action="http://parley.us6.list-manage.com/subscribe/post?u=NN&amp;id=NN" method="post"

Other than that it'll be interesting to see your implementation -- I've been considering the idea of key storage for a while, and I also think so long smart cards aren't ubiquitous (and usable with all clients, such as phones as well as PCs) -- pass-phrases is unfortunately as good as it gets.

It's unfortunate, because anything based on shared secretes (directly) makes key revocation tricky.

[napoleond]

Thanks for the heads up! We just set up SSL for the main site, and obviously missed a few things--I'll fix that right now.

[munin]

you can revoke your S/MIME key from a CA (you just need to remember the revocation password you gave them)

S/MIME is also built in to (almost) every thick MUA. it works on iOS out of the box, it works in outlook, thunderbird, mail.app and mutt out of the box.

once you generate a S/MIME cert through a big provider, none of the other big providers will give you an e-mail cert for the email issued by the other big provider (probably, still trusting them to do the right thing).

[joshuak]

No, you cannot revoke your s/mime cert. Your CA can. That is a big difference.