On Wed, Dec 07, 2005 at 09:42:03AM -0500, Ed Gerck wrote:
To help develop a common yardstick, I would like feedback (also by
private email) on a list of desirable secure email features as well
as a list of attacks or problems, with a corresponding score card for
the secure email technologies X.509 / PKI, PGP and IBE. The paper
is at http://email-security.net/papers/pki-pgp-ibe.htm
What's missing, except implicitly, is the most important feature of
all. Ease of use and deployment. What do users have to _do_ to get
the software, to get and maintain certificates (if required), and to
send and receive mail.
This is the most important feature because inattention to it has
caused both secure and insecure systems to not get used except by
a small minority of the population. That the system be easy enough
to use that people will actually use it turns out to be as important
as how secure the system is against various threat models. More
important than security against certain more rare threat models.
It's amazing how easy it is to get this wrong. Did you know that
Microsoft Outlook, the most common email program in the world, has
opportunistic e-mail encryption if you
a) Get a certificate (free from thawte)
b) Click two checkboxes
Nobody uses it because of one very simple but giant mistake. If
you turn on the checkboxes, then every time you send mail and
every time you receive encrypted mail, you get a dialog box popping
up asking to confirm if the program can access your private key.
(Also, nobody knows about it, and it uses giant ugly x.509/s-mime)
And one final note -- it is controversial to describe "return receipt"
as a feature. For recipients, that's an anti-feature.