I’ve often written about the need to encourage wider use of encrypted emails. As everyone knows, the main problem is that existing email encryption solutions are too hard to use: Aunt Millie simply won’t deal with the complexities. But what are those problems? On the Mac, for example, GPGMail integrates more or less transparently with the Mail App. There are two buttons for choosing signing and/or encrypting an outgoing email—which can be set to perform their functions by default—and incoming encrypted mail is automatically decrypted, perhaps after prompting for a password for the private key. Probably easy enough for even Aunt Millie.
So what are the problems? Matthew Green has a post that offers an answer. The real problem is what it always is with crypto systems: key management. Current email encryption systems, which are almost all based on the OpenPGP protocol, illustrate this nicely. After you’ve generated a GnuPG/PGP key, how do you communicate it to Aunt Millie? How can she be sure it’s really your key and not that of her other, conniving, evil nephew? Those are just some of the problems that an email encryption system must deal with. Read Green’s post for exactly what those problems are and some possible solutions.