A new encryption service

This morning I awoke to find an email from my friend Paul Moor alerting me to a new encryption technology service called Identum. The company makes it’s product, called Private Post, available for free. The encryption technology used for this product is the so-called Sakai-Kasahara Identity-Based Encryption (SK-IBE). A highly-technical document called the “Security Proof of Sakai-Kasahara’s Identity-Based Encryption Scheme” can be downloaded in this PDF.

This question from the FAQ for Private Post is important …

Q. Which email programs are compatible with Private Post?

A. Private Post integrates seamlessly with Microsoft Outlook 2000, XP and 2003 through plug-in toolbars which enable you to make and read Private Post. To read your Private Post in other email programs simply open the attached .ibemsg file. To make a new message private, write your message as normal, click on the Private Post icon in your system tray and select Make Private.

Private Post

Because I don’t use either Outlook or Outlook Express, I’ve asked Paul to download their product and send me an encrypted message to test whether I’ll be able to decrypt it when I receive it. If I can (per the instructions quoted above from their FAQ), then this could be a significant step forward in encouraging the use of encryption in email, which I happen to believe is a good idea for the reasons given in this explanation from the Private Post FAQ.

Q. Why should I install Private Post?

A. Email is about as private as a postcard. Your email becomes public the moment you hit the send button. It is sent in a readable format across the internet via your own and other peoples public networks and can be easily intercepted, read and even changed. Securing your data at point A and point B is both necessary and desirable but its not the whole story. Any security measures you take become worthless unless your data can also be kept private in transit between A and B. Private Post ensures that only the intended recipient can read your email PLUS any attachments you send.

Private Post

Encrypting email has always seemed to me a good idea, and I have spent a lot of time experimenting with PGP and the S/MIME technology used by Thawte. A major drawback to most encryption schemes is that they often require a level of sophistication that makes them unapproachable by any but the most determined, and frequently one has to teach his correspondents how to use the tools. For most people, this learning curve is a hurdle they simply can’t (or won’t) leap.

I have sent an email to Bruce Schneier, who is one of the world’s most highly-respected commentators on security issues, in the hope that he’ll review Private Post and give his assessment of its merits at his blog or in his monthly newsletter, Crypto-Gram. In the meantime, I expect to run some tests with Paul to see about Private Post’s ease of use and its interoperability between diverse email programs. If/when I have anything significant to report, I’ll comment further.


3 thoughts on “A new encryption service

  1. Pingback: GD30 Creative » Blog Archive » Private Post

  2. James

    The real question isn’t whether it is free or not, but rather is it open source? It is vital that code of this nature be reviewed by the community at large as it is too new of a paradigm to really trust.

    I would be curious to know what various industry analysts think of it…

  3. perry Post author

    James, I agree with you, but unfortunately, I don’t know the answer as to whether it is open source. You might direct your question to the horse’s mouth since they seem to be responsive to requests for information. I sent my question to support@privatepost.com and they did, in fact, reply to it.

    If you read all my posts on this subject, you’ll see that Bruce Schneier did NOT give any significant response to my questions.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s