This morning I awoke to find an email from my friend Paul Moor alerting me to a new encryption technology service called Identum. The company makes it’s product, called Private Post, available for free. The encryption technology used for this product is the so-called Sakai-Kasahara Identity-Based Encryption (SK-IBE). A highly-technical document called the “Security Proof of Sakai-Kasahara’s Identity-Based Encryption Scheme” can be downloaded in this PDF.
This question from the FAQ for Private Post is important …
Q. Which email programs are compatible with Private Post?
A. Private Post integrates seamlessly with Microsoft Outlook 2000, XP and 2003 through plug-in toolbars which enable you to make and read Private Post. To read your Private Post in other email programs simply open the attached .ibemsg file. To make a new message private, write your message as normal, click on the Private Post icon in your system tray and select Make Private.
Because I don’t use either Outlook or Outlook Express, I’ve asked Paul to download their product and send me an encrypted message to test whether I’ll be able to decrypt it when I receive it. If I can (per the instructions quoted above from their FAQ), then this could be a significant step forward in encouraging the use of encryption in email, which I happen to believe is a good idea for the reasons given in this explanation from the Private Post FAQ.
Q. Why should I install Private Post?
A. Email is about as private as a postcard. Your email becomes public the moment you hit the send button. It is sent in a readable format across the internet via your own and other peoples public networks and can be easily intercepted, read and even changed. Securing your data at point A and point B is both necessary and desirable but its not the whole story. Any security measures you take become worthless unless your data can also be kept private in transit between A and B. Private Post ensures that only the intended recipient can read your email PLUS any attachments you send.
Encrypting email has always seemed to me a good idea, and I have spent a lot of time experimenting with PGP and the S/MIME technology used by Thawte. A major drawback to most encryption schemes is that they often require a level of sophistication that makes them unapproachable by any but the most determined, and frequently one has to teach his correspondents how to use the tools. For most people, this learning curve is a hurdle they simply can’t (or won’t) leap.
I have sent an email to Bruce Schneier, who is one of the world’s most highly-respected commentators on security issues, in the hope that he’ll review Private Post and give his assessment of its merits at his blog or in his monthly newsletter, Crypto-Gram. In the meantime, I expect to run some tests with Paul to see about Private Post’s ease of use and its interoperability between diverse email programs. If/when I have anything significant to report, I’ll comment further.