In Phil Zimmermann's response to "Does Phil Zimmermann need a clue on VoIP", Zimmermann offered a blistering attack on PKI based solutions and offered his own PGP solution as the superior alternative. There is just one little problem: the computing world chose PKI for the most part while PGP barely makes a dent in the email world.
After Zimmermann finished criticizing Skype's methodology for success (to which I responded), Zimmermann went on to slam PKI implementations such as S/MIME, boasting that his PGP email products are much easier to use and much more popular. While both S/MIME and PGP are certified by the NIST, neither solution has any penetration in the mass computing market. PGP happens to be more widely used than S/MIME among the "techno-elite" but the mass market penetration is so insignificant that it’s a moot point. Zimmermann in a subsequent email even went as far as saying that "no one" used S/MIME which seemed strange to me since I use it myself.
The reason I chose S/MIME over PGP is because it’s much simpler to use than PGP and virtually every email client in the world from Eudora, Outlook, Netscape, Mozilla, Hotmail, and even Google’s GMail supports it out of the box. The only thing needed to make S/MIME work is a signed digital certificate which can easily be obtained free of charge. PGP requires that you must have PGP software installed on both sending and receiving ends and both ends must generate their own PGP keys. From a usability standpoint, I can digitally sign an email using S/MIME and I can comfortably assume that more than 99% of the world will be able to verify its authenticity with zero effort even if they themselves don't have a digital certificate. On the other hand when most people get an email with a PGP signature, virtually no one bothers to check if it’s legitimate or not because they almost certainly don’t have PGP software installed. Even when they do have PGP installed, users are forced to go through some extra steps to build trust for each associate they communicate with whereas they wouldn't have to do this with S/MIME. Because of this addition management burden, PGP users must be substantially more cryptographically savvy than S/MIME users which explains its popularity among the techno-elite.
Digital signing of email is only half the equation in cryptography, and encryption is the other half. In order to have both parties be able to digitally sign emails and use encryption, both parties must have a Digital Certificate installed ahead of time. This is where Zimmermann argues that the problem with PKI implementations is that they all require what he terms "activation energy." What Zimmermann means by "activation energy" is the fact that you have to have a Digital Certificate that is signed by a publicly trusted Certificate Authority ahead of time before anyone can use PKI based solutions. Even ignoring the fact that it takes a lot more "activation energy" to acquire and install PGP software (which usually isn't free) on both ends than it takes to obtain a free digital certificate, non-PKI solutions like PGP take a lot more of what I call "continuous energy" to use which is an additional negative not associated with PKI and S/MIME. The reason S/MIME hasn't taken off is because the PKI registration process is still too much of a hurdle for most people to go and do on their own, and the software still takes some effort to learn even though it's easier than PGP. Even though S/MIME is easier than PGP, there is a lot of room for improvement to make the initial registration and configuration hurdle easier for the average computer user. As it stands now, I have been successful at getting people to use S/MIME whenever there was a need to use secure email whereas I know it would have been a lot more painful to get them to use PGP. If any reader who has never tried cryptography wants try S/MIME or PGP out for themselves, you're welcome to talk about your experiences here and let us know which solution was easier.
In my original blog that touched off this debate, I mentioned how just about every PKI-alternative company in the world has declared PKI dead to push their own wares. The real irony in this is that they themselves rely on PKI to make their own PKI-alternative implementation work. Both PGP Universal and IBE which are two major PKI-alternative solutions rely on SSL and PKI certificates as a critical part of their solution. What’s even more shocking is that after you get past all the fancy server architecture and the fancy mathematics that both solutions entail, you realize that they ultimately reduce themselves to sneaker-net transmission of a secret password for the purpose of downloading a private key from the PGP Universal or IBE SSL-enabled web server. The fact that the private key is generated on a third-party server and not on the client machine is bad enough, but the requirement to transmit a secret password violates the fundamental reason why Public Key Cryptography exists in the first place. Most normal people will probably end up sloppily transmitting that password over the public phone network or will just email it in plain text which makes the entire PKI-alternative scheme dubious. [Editor's note 8/11/05 11:30AM: PGP Corporation is not a PGP-only or anti-PKI company, PGP Universal supports regular PKI and S/MIME in addition to PGP. They also support a one-time email/web challenge response to allow a new user to set up their password for access to their secured email in addition to the method mentioned in this paragraph] This is actually a very common and recurring theme among every PKI-alternative solution I’ve seen -- which is why I have always said that avoiding PKI is more trouble than it’s worth.
PKI is an open standard that is widely deployed in the closed and open source world. In the corporate environment, PKI is used to facilitate nearly every kind of secure communication scheme there is, and once it’s done it can run almost indefinitely without a glitch because PKI authentication is an offline process that isn't sensitive to temporary outages. I know this from personal experience because I’ve deployed many PKI-based solutions -- some of which I list below. Anyone who says that PKI doesn’t work or that it’s too difficult to deploy is either out of touch or they’re trying to sell you their own solution. Here are some examples of enterprise applications that rely almost exclusively on PKI.
- 802.11i or WPA/WPA2 enterprise wireless security
- IPSEC, L2TP, or SSL based remote access VPN
- IPSEC site-to-site VPN
- E-Commerce B2C (business to customer) with SSL
- E-Commerce B2B (business to business) with XML
- Secure Instant Messaging such as Microsoft Windows Messenger and Live Communications server
These PKI solutions are much more common than a few PGP users sending encrypted messages to each other and are used by every-day people in the computing world. Skype also relies on PKI and is the most successful implementation of secure communications ever. The computing world overwhelmingly chose PKI as the simpler and more elegant solution and nothing the PKI-alternative crowd can say will ever change that until they come up with a better solution. So far, no one has.