A long time ago, in a galaxy not too far away, I took part in a JISC funded research project. The purpose of the project was to investigate and develop solutions for some of the issues associated with securing email.

It was a fun project to be involved with (not least because I got to pretend to be a student again for a little while), and I believe the solution we built – the Secure Email Proxy – was a good one with a lot of potential.

The project finished in 2003, and the website (hosted on an old Sun Pizza box in my lab) has long since vanished, along with the code for the project. I think this is a shame, so I’ve stuck my old development code up on Github. The proxy was under active development since I left the project, but I’ve not go access to the code. If you do, then please feel free to fork and update it.

Anyway, the proxy works by sitting on your local machine between your mail client and your mail server. It manages keys on your behalf, and encrypts/signs/verifies/decrypts messages and attachments on the fly as email passes through it. This means that you don’t need to have any native plugin to work, and it’ll work with virtually any mail client.


» Visit the project on Github…

I recently set up S/MIME for my email address. While in a day to day sense it is a lot simpler than PGP to use, primarily because native client support is near universal, the set up process was, to say the least, complicated.

By far and away the most complicated part of the process was obtaining the certificate required to sign and encrypt the emails.

Each certificate authority has a different procedure to obtain them; some requiring you to fill out an online form, some requiring a phone conversation (!!!), some would email you a link, others would offer you a direct download. Sometimes the certificate couldn’t be directly used, and would require you to install the certificate into your web browser, and then through some complicated process export them into a format that your email client could use.

S/MIME is mostly deployed within large organisations, so it is likely that it is envisaged that some IT department would take care of generating and installing certificates on a user’s behalf. But, if we want to see it more widely used, we need to streamline this process.

There is, in my mind, no reason why this process can’t be handled in a more streamlined way. Imagine setting up an email account in your mail client, wouldn’t it be cool if the last screen of the wizard prompted you to secure your email address, and gave you a short list of providers to click on? You mail client could then securely communicate with an endpoint, send the email address of the account, and then return and automatically install the generated certificate.

All that needs to happen is for the certificate providers to agree on some sort of protocol to do this, and for one or two email clients to implement it. It is the kind of problem that could be solved by getting a couple of developers from Commodo, Trust, Mozilla and the Microsoft Outlook team in a room for half a day.

How can we make this happen?

6a0120a85dcdae970b016301e98de2970d-800wi One of the good things to come out of the recent revelations that the NSA have been doing what we always supposed that they might be doing, as well as our lot pushing ahead with ill conceived plans to do the same, is that it has made the public at large much more aware of the need to protect themselves online. It has also acted as a spur for many of us in the tech community to pick up our game a little, and to work to better protect ourselves and others online by redoubling our efforts to finally stamp out cleartext communication protocols.

The humble email, sent for the most part in the clear and readable to everyone, is one of the last legacy unencrypted technologies still in common use. These days HTTPS can be being switched on for just about everything, and it is considered the height of irresponsibility in the tech community to still use telnet or ftp.

Technologies for securing email have been around for decades, but haven’t seen widespread adoption. PGP is the canonical example, however s/mime, which does the same job and is often forgotten about, may be more practical for most people, for two main reasons: 1) most mail clients have native support, including native support in iOS, 2) it does a much better job at key exchange, in the most part handling it transparently (as long as you have the “sign email” option turned).

Setting it up is still far from a one click “make my email secure” button, but once set up it is transparent and easy to use, so there is very little reason not to do it if you’re reasonably tech savvy (or know someone who is who can help you). Even if you use one of the NSA’s free webmail services (gmail et al), providing you don’t use the webmail interface to read your email, you can still set this up.

What this won’t do

Even if your email is encrypted, there are a number of gotchas which you should be aware of…

  • It relies on both parties switching on encryption – this is an age old issue.
  • Subject lines are never encrypted.
  • The spooks and other ne’er do wellers can still see who you contacted and when, leaving you vulnerable to being caught by the inevitable guilt by association fallacy that such mass surveillance programs are guaranteed to produce.

Setting up S/MIME

  1. Obtain a signing certificate: Unlike PGP, which relies on self generated keys and a web of trust to establish authenticity, S/MIME relies on signed certificates in the same way as HTTPS does. These are in many cases free to obtain. I currently sign my emails with a Comodo certificate obtained via their handy online form.
  2. Collect your certificate: Next, you need to collect your certificate, this is done via your web browser, and is possibly the most confusing step. You must visit a link, and your browser will generate and install a certificate into itself. What this means is that once you’ve clicked on the link, you should get a message along the lines of “Certificate from xxxx installed”, but you won’t be able to directly use it in your email client. You must also use the same browser on the same computer throughout the whole signup and retrieval process, which caught me out.
  3. Export your certificate: In order to be able to use your new certificate to sign and encrypt email, you must first export it as a certificate file. From your browser, visit your advanced settings and export the certificate. In chrome, this is under Settings -> Advanced -> Manage certificates. Save it somewhere safe, give it a password you’re going to remember.
  4. Import the certificate into your mail client: Here’s how on thunderbird, OSX/ios, outlook.

If you’re tech savvy, this isn’t too painful a process, and once it’s done its done (at least until the certificate expires). If you’re not, then I think it is up to those who are to help. Stamping out unencrypted communication protocols can be considered a civic responsibility in tech circles.

Hand holding is a start, however I see absolutely no reason whatsoever that this process can’t be made into a nice click button wizard. For the most part, S/MIME is natively supported in all modern mail clients, so is it not high time that the setup process was made a good deal simpler? Why on earth is this not all done by the setup wizard?

As a community, lets make a pledge to make this better and to stamp out clear text communication protocols once and for all, making security an invisible process for everybody. What do you say?