Email Security

From Jonathan Gardner's Tech Wiki

Introduction

Email is inherently insecure. There are two big problems.

  1. You can never tell if the email you received really came from the person it claims to come from. This is the problem of forgery.
  2. You can never tell who read the email along the path it was sent. This is the problem of security, that is, confidentiality.

There have been several attempts to solve these problems. All of them have failed. Here's what they were and why.

History

SMTP is perhaps the oldest internet protocol in existence. It is old and reliable. It is fairly easy to write an SMTP server. It is really, really easy to write an SMTP client. There are hundreds and hundreds of implementations of each.

SMTP has some severe problems. For starters, it is really old. That means if I sit down and write an SMTP server today, it has to be compatible with systems written many decades ago. This isn't as hard as it sounds. But it means that there can be no new features in SMTP that are universally adopted. Someone, somewhere, will always be running the older version of SMTP, and will never have a reason to upgrade.

The network effect is powerful stuff, and nowhere is this demonstrated better than Email. Email is the killer app of the internet, dwarfing web pages, chatting, and every other application on the internet.

Attempts to Fix SMTP

There are some very serious problems with SMTP, ones that I outlined above. These are the problems of forgery and security. (There's also the problem of spam, something I have very strong feelings about. Don't we all, though?)

How do you solve these problems? Well, encryption was tried. After all, it seems like the perfect solution.

The two best efforts were S/MIME (which failed miserably) and PGP/GPG (which failed even more miserably).

Why did they fail?

Because we have failed in teaching people how encryption works, and how to manage keys. You see, unless you understand this business, it makes no sense. Consider the following dialog:

Tech: You need a private/public key pair.

User: A what?

Tech: A pair of keys. The private key is the one you keep secret, and the public key is one you give out to everyone.

User: Why would I hand out keys to everyone?

Tech: No, these aren't real keys. They're really just numbers. The numbers are very special.

User: Okay, I'll buy that. So I hand out the public key to the public, and I keep the private key secret.

Tech: Good. Now, there are two things you can do with these keys. You can encrypt or sign.

User: Huh?

Tech: Encrypting is when you take a message and make it so no one but the person you want to read it can read it. All you need is their public key.

User: Kind of like a spy movie.

Tech: Yes, but the encrypted message won't explode. For signing, it's like a certification seal. You sign it with your private key and people can check that you really signed it with your public key. No one can tamper with the signature or the original or else the check will fail.

User: Why would I give them my private key? Isn't it a secret?

Tech: No, you don't give them the private key. You make a signature with the private key, and hand out the signature along with the thing you signed.

User: This is really weird.

Tech: Yes, it's all about math and stuff.

User: Okay, is that all I need to know?

Tech: No, we're just beginning. Now we need to talk about how to get the real public key and not an imposter's public key. And then we'll need to talk about connecting to servers securely. And how to send email.

User: Will I be able to send email then?

Tech: Probably not.

As you can see, there is a lot to learn, too much to learn at once.
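The dialog above describes four ideas in words: signing with a private key, checking a signature with the public key, sealing a message to someone's public key, and the separate problem of making sure the public key you hold really belongs to the person you think it does. The following Go program is an added example written for this page, not code from the wiki or from any PGP or S/MIME implementation. It uses Go's standard-library RSA primitives, two constructed users (alice and bob) plus an outsider (mallory), and a constructed sample message; the Identity type and the Demo function are hypothetical names chosen here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Identity is a hypothetical email user holding one key pair.
// The private half stays here; only Public() is ever handed out.
type Identity struct {
	Name string
	priv *rsa.PrivateKey
}

func NewIdentity(name string) (*Identity, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Identity{Name: name, priv: priv}, nil
}

// Public returns the part that is safe to give to everyone.
func (id *Identity) Public() *rsa.PublicKey { return &id.priv.PublicKey }

// Sign hashes the message and signs the hash with the private key (RSA-PSS).
// The signature travels with the message; the private key never does.
func (id *Identity) Sign(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, id.priv, crypto.SHA256, digest[:], nil)
}

// Verify lets anyone holding the signer's public key check the signature.
// It fails if either the message or the signature was altered.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Encrypt seals a short message to the recipient's public key (RSA-OAEP).
// With a 2048-bit key and SHA-256 the payload is limited to 190 bytes; real
// mail systems encrypt a random session key this way and the body with it.
func Encrypt(recipient *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
}

// Decrypt opens a sealed message; only the matching private key can.
func (id *Identity) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, id.priv, ct, nil)
}

// Outcome records what each step of the exchange produced so it can be checked.
type Outcome struct {
	GenuineVerified  bool   // Alice's real signature checks out under Alice's key
	TamperedVerified bool   // a one-bit change to the message should fail the check
	Recovered        string // what Bob reads after decrypting
	OutsiderCanRead  bool   // Mallory must not be able to open Bob's mail
	WrongKeyTrusted  bool   // the key-distribution problem: Mallory's key mistaken for Alice's
}

// Demo runs the whole exchange between constructed users and returns the results.
func Demo() (Outcome, error) {
	var out Outcome
	alice, err := NewIdentity("alice")
	if err != nil {
		return out, err
	}
	bob, err := NewIdentity("bob")
	if err != nil {
		return out, err
	}
	mallory, err := NewIdentity("mallory")
	if err != nil {
		return out, err
	}

	msg := []byte("Lunch at noon? Alice") // constructed sample message

	// Signing: Alice signs, Bob checks with the public key he believes is Alice's.
	sig, err := alice.Sign(msg)
	if err != nil {
		return out, err
	}
	out.GenuineVerified = Verify(alice.Public(), msg, sig)
	tampered := append([]byte{}, msg...)
	tampered[0] ^= 0x01 // flip one bit in transit
	out.TamperedVerified = Verify(alice.Public(), tampered, sig)

	// Encryption: sealed to Bob's public key, readable only with Bob's private key.
	ct, err := Encrypt(bob.Public(), msg)
	if err != nil {
		return out, err
	}
	pt, err := bob.Decrypt(ct)
	if err != nil {
		return out, err
	}
	out.Recovered = string(pt)
	_, merr := mallory.Decrypt(ct)
	out.OutsiderCanRead = merr == nil

	// The imposter problem: if Bob was handed Mallory's public key as "Alice's",
	// a message signed by Mallory verifies perfectly. The math cannot catch this;
	// only correct key distribution can.
	msig, err := mallory.Sign(msg)
	if err != nil {
		return out, err
	}
	out.WrongKeyTrusted = Verify(mallory.Public(), msg, msig)
	return out, nil
}

func main() {
	out, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

The last step is the one the dialog's "Tech" is gesturing at with "how to get the real public key and not an imposter's public key": every check in the program passes for Mallory's signature once Bob trusts the wrong key, which is why key management, not the arithmetic, is where S/MIME and PGP ask the most of their users.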

Now, there is hope. After all, we humans have learned how to do far more complicated tasks such as driving a car. It's just a matter of getting the info out there.