2008-10-16

How Email encryption for the broader public could be realized

After reading the Every Email In UK To Be Monitored article and its comments over at Slashdot, I once again felt like encrypting each and every email I send using GPG/PGP. For this encryption to work, though, the person I am sending a message to would need to have GPG/PGP set up too. Many technically minded people already have, but I cannot expect everyone to be using encryption.

The reason not everyone uses GPG/PGP to encrypt their email is probably that, even though GPG/PGP have become a lot more usable for the end user in the last few years, these programs are still too technical, and thus hard to understand, for non-technical users.

That got me thinking about how people could be brought to use public key encryption for email. After a bit of brainstorming an idea came to mind, which I would like to present to you here.

Basic idea

What about creating a program that acts as both an SMTP proxy and a POP3/IMAP proxy server, contains all the logic needed for encryption, and encrypts/decrypts messages transparently?
If this logic were moved out of email clients, we would get a solution that works universally with each and every email client out there.


How this could work

Imagine sending an email to someone you have never emailed before. You write the message in your email client as usual and hit the send button. Now, instead of connecting to your SMTP server, the email client would connect to the email proxy program and submit the message there.

At this point the program would check the sender and recipient of the email. If the sender has a public/private key pair and the recipient's public key is known, the program would prompt you for the passphrase to your encryption key. After you enter the passphrase and hit a button (send, sign, encrypt; I guess you can think of a more appropriate name), the message would be encrypted and then forwarded to your SMTP server.

On the other hand, if the recipient's public key is not known (and cannot be fetched from key servers), the program could send a message informing the recipient that you wanted to encrypt your email but were unable to do so, explaining that this program exists, where to get it, how to set it up, why encryption is important, and so on. I can imagine a hard-fail mode, which sends only this message, and a soft-fail mode, which adds the automatically generated message to the original message somehow (attach it, inline it, etc.). Either way, the generated message should be cryptographically signed.

Receiving mail would work the other way around. The proxy would fetch messages from all configured IMAP/POP3 servers on its own and check whether they are signed. If a signed message arrives, the sender's public key should be imported into the local keyring, if that has not already been done. Encrypted messages should be handled the same way, plus decrypting the message.
The email client would connect to the IMAP/POP3 proxy server and fetch the (decrypted) messages from it. Both unencrypted and unsigned messages should be marked somehow (think subject rewriting here, and maybe adding an X- header). However, no emails should be sent automatically when receiving messages, as the From header could be forged (spam, anyone?).
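The send and receive paths described above, as an added example in Python (one of the two languages the post floats); this is not code from the post or from any existing project. It models the proxy's policy layer only: outbound mail is signed and encrypted when the recipient's key is in the local keyring or on a keyserver, otherwise a signed notice goes out in hard-fail or soft-fail mode; inbound mail is decrypted, verified (importing the sender's key first), and plain or unsigned mail is marked by subject rewriting plus an X- header, with no automatic reply. Message framing follows RFC 3156 (`multipart/encrypted`, `multipart/signed`). Everything else is an assumption made for the example: `DemoBackend` is a stand-in for GnuPG (XOR and a hash, no security at all), the keyserver is an in-memory dict, and `NOTICE`, the `X-Crypto-Proxy` header name and the `[UNENCRYPTED]`/`[UNSIGNED]` tags are constructed.

```python
"""Policy core of a transparent mail-encryption proxy (added example, not the post's
code).  DemoBackend is a stand-in so this runs without GnuPG; it offers NO security
and would be replaced by a real OpenPGP backend.  Framing follows RFC 3156.  The
keyserver is a constructed in-memory dict; NOTICE and the header/tag names are assumed."""
import email
import email.utils
import hashlib
from dataclasses import dataclass, field
from email import policy
from email.message import EmailMessage

NOTICE = ("The sender wanted to encrypt this message but has no public key for your "
          "address. See <proxy-homepage-placeholder> to set up encrypted mail.")


class DemoBackend:
    """Stand-in for GnuPG: XOR 'encryption', hash 'signature'. Not secure."""
    def encrypt(self, data, recipient):
        return bytes(b ^ 0xFF for b in data)
    decrypt = encrypt  # XOR is its own inverse

    def sign(self, data, signer):
        return hashlib.sha256(signer.encode() + data).hexdigest().encode()

    def verify(self, data, sig, signer):
        return self.sign(data, signer) == sig


@dataclass
class Keyring:
    public: dict = field(default_factory=dict)     # address -> public key (opaque str)
    secret: set = field(default_factory=set)       # addresses we hold a secret key for
    keyserver: dict = field(default_factory=dict)  # constructed stand-in for a keyserver

    def lookup(self, addr):
        """Local keyring first, then the keyserver; a keyserver hit is imported."""
        if addr not in self.public and addr in self.keyserver:
            self.public[addr] = self.keyserver[addr]
        return self.public.get(addr)


def _part(data, **kw):
    p = EmailMessage()
    p.set_content(data, **kw)
    return p


def _canon(part):  # bytes that get signed/verified: decoded text, whitespace-trimmed
    return part.get_content().strip().encode()


def _envelope(original, ctype, **params):
    out = EmailMessage()
    for h in ("From", "To", "Subject"):
        out[h] = str(original[h])
    out.add_header("Content-Type", ctype, **params)
    return out


def sign_text(original, text, signer, backend):
    """RFC 3156 multipart/signed: a text/plain part plus a detached signature."""
    content = _part(text)
    out = _envelope(original, "multipart/signed",
                    protocol="application/pgp-signature", micalg="pgp-sha256")
    out.attach(content)
    out.attach(_part(backend.sign(_canon(content), signer),
                     maintype="application", subtype="pgp-signature", cte="7bit"))
    return out


def handle_outbound(raw, keyring, backend, mode="soft"):
    """Decision for a client-submitted message (assumed text/plain): returns (action,
    message to forward).  'soft' appends the notice to the plaintext; 'hard' sends only
    the signed notice."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = email.utils.parseaddr(str(msg["From"]))[1]
    recipient = email.utils.parseaddr(str(msg["To"]))[1]
    if sender not in keyring.secret:        # no key pair yet: forward unchanged
        return "pass", msg
    if keyring.lookup(recipient):           # key found locally or on the keyserver
        inner = sign_text(msg, msg.get_content(), sender, backend)   # sign, then encrypt
        out = _envelope(msg, "multipart/encrypted", protocol="application/pgp-encrypted")
        out.attach(_part(b"Version: 1\n", maintype="application", subtype="pgp-encrypted", cte="7bit"))
        out.attach(_part(backend.encrypt(inner.as_bytes(), recipient),
                         maintype="application", subtype="octet-stream"))
        return "encrypt", out
    if mode == "hard":
        return "hard-fail", sign_text(msg, NOTICE, sender, backend)
    return "soft-fail", sign_text(msg, msg.get_content() + "\n-- \n" + NOTICE, sender, backend)


def handle_inbound(raw, keyring, backend):
    """Decrypt/verify a fetched message and mark it for the client.  This path never
    sends mail: From may be forged, so an auto-reply here would amplify spam."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = email.utils.parseaddr(str(msg["From"]))[1]
    recipient = email.utils.parseaddr(str(msg["To"]))[1]
    body, encrypted, signed = msg, False, False
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        ciphertext = list(msg.iter_parts())[1].get_content()
        body = email.message_from_bytes(backend.decrypt(ciphertext, recipient), policy=policy.default)
        encrypted = True
    if (body.get_content_type() == "multipart/signed"
            and body.get_param("protocol") == "application/pgp-signature"):
        content, sig = list(body.iter_parts())
        if keyring.lookup(sender) is not None:  # import the key if needed; no key, no verification
            signed = backend.verify(_canon(content), sig.get_content().strip(), sender)
        body = content
    out = EmailMessage()
    out["From"], out["To"] = str(msg["From"]), str(msg["To"])
    tags = ([] if encrypted else ["[UNENCRYPTED]"]) + ([] if signed else ["[UNSIGNED]"])
    out["Subject"] = " ".join(tags + [str(msg["Subject"] or "")])
    out["X-Crypto-Proxy"] = f"encrypted={'yes' if encrypted else 'no'}; signed={'yes' if signed else 'no'}"
    out.set_content(body.get_content())
    return out
```

The two halves are deliberately asymmetric: `handle_outbound` is the only place that ever produces a new message, and `handle_inbound` only transforms what it fetched, so a forged From header can at most earn a message an `[UNSIGNED]` tag, never trigger a notice to a third party. A signature whose key cannot be found locally or on the keyserver is treated as absent rather than trusted, which is the safe default for the "import on first contact" behaviour the post describes.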

Features of the program

The program I have in mind should include the following features:

  • GPG key management (creating keys, distributing them to keyservers, etc.).

  • Automatic encryption/decryption and signing/checking signatures.

  • Non-technical, so everyone can use it.

  • Support for multiple IMAP/POP3 and SMTP servers, so it can act as a central point for storing all emails a user receives.

  • Cross-platform functionality (Java? Python?)

  • Free Software


Plans

I would love to implement this program, but fear that it could be way too much work for a single person. If you are interested in helping with the implementation, or simply have any comments, feel free to either drop me an email at blog at sp dot or dot at or use the blog's comment function.

I hope I have explained my idea clearly enough and have not missed anything.

Happy hacking!

1 comment:

  1. It sounds like you're suggesting connecting everyone's mail clients to a big public keyserver. That's fine, it's hard to get people to use keyservers though and it's something that I'm not sure a lot of people would be happy with.

    How would you feel if you sent email and all your recipient got was "Please install PGP"? It's a hassle and that's going to annoy people, as soon as you include an option to remove this feature you'll have people posting "How to stop **** from messing with your emails" tutorials online, so that breaks it.

    It's very difficult to get everyone to use encryption but I don't think the way to do it is with technology. There are already ways to get keys from the internet so you don't need to have met someone and yet they're still only used by people who know they need them. Education's still the only way to fix it.

    Although, anything which messes up the government's warrantless taps is good.