Helping people with computers... one answer at a time.
I've been doing a little research into encryption, specifically using tools like Gnu Privacy Guard, or GPG, to encrypt email. The technology is very cool, very powerful, and in all honesty, I'd expect to see it used more than it is.
And that's what has me confused. I must be missing something.
While there are a lot of mail clients that support it, the email clients with massive market penetration don't seem to. Aside from the Enigmail add-in for Mozilla Thunderbird, integration of digital signatures and encryption into mainstream email clients seems to be either incompatible, unusable for the average user ... or missing completely.
Microsoft's Outlook and Outlook Express both seem to go into what I would call commercial overkill for the average user. The native encryption and signing support has you purchasing a digital certificate from a authority like Verisign to enable the feature. It's unclear if email clients other than Outlook or Outlook Express could even interpret the resulting signature or message. That's great if you have money to spend, and are running an Outlook-based shop. But what about the rest of us?
GPG public key encryption has been around for quite a while, and certainly in tech circles it's not uncommon to see signed email wrapped in the "PGP SIGNED MESSAGE" indicator. But if you're an Outlook user there's no real integrated validation, decryption, or for that matter creation of signatures or encrypted messages using this technology. Yes, I know, there's a plugin for Outlook that looks like it's headed in the right direction, but it hasn't been updated in over three years, and in my opinion still isn't ready for the non-technical user.
Now, many people bash Outlook and Outlook Express, and Microsoft for that matter, as being big, bloated and insecure and whatever negative adjectives you want to throw at them. But the fact is that for better or worse, a LOT of people use Outlook and Outlook Express. Telling them to move to another email client is simply not a realistic solution. Ain't gonna happen. Adding a simple, user friendly, open source interface for either or both would go a LONG way towards mass acceptance of encryption and digital validation of email across the board.
But I must be missing something fundamental. I don't get why that doesn't already exist.
Until it does, I'm afraid that encrypted email will remain, largely, in the realm of corporations willing to pay for the Microsoft approach, or the technical folks who's circle of correspondents use compatible tools. The rest are left out in the cold.
I'd love to hear what you think. Visit askleo.info, and enter 10001 in the go to article number box. Leave a comment, I read them all.
This is a presentation of askleo.info, a free on-line technical question and answer service. Hundreds of questions and answers are online and ready to help solve your computer problems.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.