I have been signing outgoing electronic mail, on and off, for many years.
It’s getting harder.
I started, as all good nerds did in 1993, with a 1024-bit RSA PGP keypair. The high technical bar on using PGP or GPG meant that only the very dedicated ever used it at all, and only a handful of people fully understood the “web of trust” that is essential to using it correctly. I’d say the system has not aged well, but I remember being informed around the time I initially adopted it that PGP had “the user-friendliness of a cornered rat” so perhaps age is not the real problem. It’s certainly not the only one: here’s a recent article if you want more detail.
For the past decade or so, I have used the more mainstream S/MIME system to sign my outgoing mail. As I explain on my S/MIME page, I feel there are benefits to this both in terms of establishing the expectation that mail from me can be authenticated but also in that it gets a key out there so that people can send me encrypted mail if they ever need to. I can count the number of times that’s actually been necessary on the thumbs of one hand, but there’s a principle at stake here: as I pointed out last year, it’s important to have these things set up before you need to use them for real.
During the last ten years, I’ve been using S/MIME certificates from commercial CAs so that they are recognised by mail clients. There’s little point, in my view, in public mail that’s signed by a certificate from a private CA whether it’s your big corporate one or just one someone put together on a spare Linux box. I’ve been fortunate enough — until now — to be able to do that at no cost, because several commercial CAs used to issue “persona level” S/MIME certificates for free.
The commercial CA business has been going through a lot of changes recently, with some CAs being “distrusted” (removed from the trust lists relied on by client software) for misbehaviour, and others undoubtedly finding it harder to make ends meet because their low-end business is being disrupted by Let’s Encrypt. Today, Mozilla’s list of companies offering free S/MIME certificates contains is down to just one, whose terms and conditions I can’t accept because I lack the ability to read Italian legalese.
This year, then, I’ve taken the plunge and bought a three-year S/MIME certificate from Sectigo (previously known as Comodo) through one of their resellers. This seems to be the same product as was previously available at no charge from Comodo.
It’s not obvious to me that it will make sense to renew this certificate when its term is up, or even if that will continue to be possible. This was not an easy product to find: no-one really makes money from it (the CAs would much rather sell in bulk to large corporations) and the number of sales must be very low too.
You might hope that Let’s Encrypt would eventually find its way into the S/MIME certificate space as well. There’s even an Internet-Draft devoted to a related topic. Here’s what Josh Aas had to say in May 2019:
Head of Let’s Encrypt here.
So far as we can tell, there is no viable plan for mass adoption of S/MIME. It will remain a niche system whether or not we participate. There is no opportunity for impact that would justify the effort and expense on our part, no vision for the future of S/MIME that we’re excited about.
Josh paints a pretty dismal picture, but it’s hard to argue with his conclusion that Let’s Encrypt shouldn’t put effort into “Let’s Encrypt for e-mail”. Unfortunately, I don’t see anyone else stepping up.