In the past couple of weeks, the effectiveness of PGP as a way to encrypt the emails of users has been a subject of much debate. This latest round was kicked off by Matthew Green, a professor of cryptography at Johns Hopkins University, who criticized PGP primarily for flaws in key management and for its lack of forward secrecy.
It’s very important for the industry, as a whole, to get encryption right. It’s fundamental to securing online lives in the 21st century. PGP has been a key part of securing email for many years, so suggestions that it needs to be revised because it’s broken need to be taken seriously.
While the encryption of PGP itself is regarded as sound, it has always been regarded as not particularly user-friendly. However, it has never really been considered to be aimed at ordinary users. Before, it was always more technically capable users who found themselves relying on PGP. These users were capable of using the PGP clients available at the time, despite their lack of polish.
Now, things are different; it is conceivable that people might be interested in using PGP, but not have the technical capability to use the existing clients. These users want software that is “click and forget”. There is a fundamental disconnect between “what is secure” and “what is easy” that is not easily bridged.
One particular aspect of PGP that does deserve criticism is how it manages keys. Simply put, PGP puts all the burden of managing keys on the user. This is in contrast to other encryption solutions like SSL/TLS, where this process is essentially invisible to the end user.
There’s a fundamental tradeoff between convenience and security, and here PGP was designed with security as the highest priority: key exchange was handled directly by the users. This meant that users could decide whose keys they could trust. That’s the most basic decision in security, and PGP put it directly in the hands of users. That may have been fine for tech-savvy individuals, but for ordinary users, that’s far more difficult.
Other email encryption solutions (like those we offer) rely on some sort of Trusted Authority (TA) to manage the keys. The TA has to authenticate users, but this takes the burden of key management away from end users. Of course, this means that the end users have to trust the TA server – this is fine for corporate environments, but for individuals this is probably not acceptable.
There is nothing stopping a vendor from implementing PGP in a way that is more palatable to an ordinary user. This is exactly what Google and Yahoo are trying to do, and it will be interesting to see just how they meet the challenges of making PGP acceptable to the ordinary user.
One more thing to say about PGP. Whatever its flaws, it has been proven to be reliable – and trusted – since it was introduced. Yes, it has its own problems, but to a large degree those are because it is being used by markets that it was never aimed at. In addition, as computing power increases, key length will have to be increased as needed – but this is an understood problem.
However, the core of PGP is still sound. Saying it needs to “die” is counterproductive, as all that might do is push users towards other “solutions” that may promise security, but are actually insecure. What needs to happen is for PGP to be improved and built on in order to serve the evolving needs of users. Done properly, these can mean PGP will continue to be a strong security standard for a long time to come.