I’m going to try to keep this post short (many of my regular readers will know how long winded I can be). However, with my recent post of setting up Mutt to support both PGP/MIME and S/MIME, based on the account I’m using, I figure a followup post on their similarities and differences might be in order. So, here it goes:
PGP/MIME
- Uses the OpenPGP RFCs and standards.
- The “signature.asc” detached signature is in plain text.
- Flexibility in algorithm choice for encryption, signing and compression.
- Relies on a distributed trust model.
- Not as widely deployed in MUAs as S/MIME.
- Public key must be distributed separately from the signature.
- Trivial to integrate with webmail providers.
- Can only be used for signing documents.
- An expiration date does not need to be set on the public key.
- Free.
S/MIME
- Based on a number of RFCs and standards.
- The “smime.p7s” detached signature is in a binary format.
- Generally, the Certificate Authority (CA) chooses the algorithm and key size.
- Relies on a centralized trust model.
- More widely deployed than PGP/MIME.
- Public certificate distributed in each detached signature.
- Difficult to integrate with webmail providers.
- Can be used for both signatures and encryption.
- Generally, the public certificate expires once per year.
- Some CAs provide certs free for personal use, but most if not all CAs charge for professional use. As low as $20 per year, depending on the CA.
This isn’t an exhaustive list, but it’s pretty good. I’ve tried to keep any bias out of the list, and just mention the facts. Really, I get a kick out of using both, so meh. But, if I were forced to choose, I would choose the distributed OpenPGP model for signatures.
The biggest reason for this choice actually doesn’t even use PGP/MIME, which is why it’s not listed. That reason is that I can set preferences in my key as to what must be used when encrypting documents to me. Thus, I can force you to send me a 2048 RSA encrypted document. With S/MIME, which can handle encryption, no such preferences exist, which means there is nothing stopping you from sending me a 40-bit RSA encrypted document. I think you can see the security problem here.
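The preference mechanism referred to above lives in the preference subpackets of an OpenPGP self-signature (RFC 4880 section 5.2.3), which GnuPG writes with the `setpref` command under `gpg --edit-key`. As an added example that is not part of the original post, the following decoder reads those subpackets from a constructed hashed-subpacket area (not a real key) and shows how a sender would select a cipher the recipient has allowed:

```python
# Added example: decode OpenPGP preference subpackets (RFC 4880 5.2.3.7-5.2.3.9)
# from a self-signature's hashed subpacket area. The bytes in SAMPLE are
# constructed for this example, not taken from a real key.

SYM = {2: "3DES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}
HASH = {2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512"}
COMP = {0: "Uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZIP2"}
# subpacket type -> (preference name, algorithm id table)
PREF_TYPES = {11: ("symmetric", SYM), 21: ("hash", HASH), 22: ("compression", COMP)}

def _read_length(data, i):
    """Decode the 1-, 2- or 5-octet subpacket length starting at data[i]."""
    first = data[i]
    if first < 192:
        return first, i + 1
    if first < 255:
        return ((first - 192) << 8) + data[i + 1] + 192, i + 2
    return int.from_bytes(data[i + 1:i + 5], "big"), i + 5

def parse_preferences(subpackets):
    """Return the owner's preferences, most preferred first, keyed by
    'symmetric', 'hash' and 'compression'. Unknown ids are kept as ints."""
    prefs, i = {}, 0
    while i < len(subpackets):
        length, i = _read_length(subpackets, i)   # length covers type + body
        sp_type = subpackets[i] & 0x7F            # high bit is the critical flag
        body = subpackets[i + 1:i + length]
        i += length
        if sp_type in PREF_TYPES:
            name, table = PREF_TYPES[sp_type]
            prefs[name] = [table.get(b, b) for b in body]
    return prefs

def sender_choice(prefs, supported):
    """Pick the first cipher the recipient lists that the sender implements;
    RFC 4880 makes 3DES the implicit fallback when nothing matches."""
    for alg in prefs.get("symmetric", []):
        if alg in supported:
            return alg
    return "3DES"

# Constructed subpacket area: three preference subpackets and one unrelated
# key-flags subpacket (type 27) that the parser must skip.
SAMPLE = bytes([
    0x04, 0x0B, 0x09, 0x08, 0x07,  # preferred symmetric: AES256, AES192, AES128
    0x04, 0x15, 0x0A, 0x09, 0x08,  # preferred hash: SHA512, SHA384, SHA256
    0x02, 0x1B, 0x03,              # key flags (skipped)
    0x03, 0x16, 0x02, 0x03,        # preferred compression: ZLIB, BZIP2
])

if __name__ == "__main__":
    p = parse_preferences(SAMPLE)
    print(p)
    print("sender supporting only AES128/3DES picks:", sender_choice(p, {"AES128", "3DES"}))
```

On a real key, `gpg --edit-key <keyid>` followed by `showpref` prints the same three lists that this decoder extracts.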
Another problem I see with S/MIME is the reliance on a centralized authority. Essentially, you can trust that I signed my mail with S/MIME, because my certificate is signed by DigiNotar and we all trust DigiNotar. Oh, wait. While the issuance of fraudulent public keys is a reality, it is much less likely with the distributed Web of Trust. Of course, this means there is a fair amount of homework that you must do in verifying that the key is legit, and that confidential information can be trusted with that key, but it is possible to make such assumptions.
Lastly, S/MIME is rather trivial to maintain. You pay a CA for a certificate, you install the certificate in your mail client, and you’re ready to go. OpenPGP and PGP/MIME aren’t so trivial. You must generate your own keys, generally with PGP or GnuPG, and know the difference between your private and public keys. Then you must install a plugin or extension into your MUA, which not all MUAs support, and configure that plugin to work with your keys. Then you must distribute your public key to friends and family, as well as to keyservers, so others can grab a copy. But they can’t trust your data until they meet up with you and do a keysigning, which means you must then redistribute the public key after their signature has been applied. In both cases, however, you can’t encrypt data to people unless you have their public key or certificate.
Both are internet standards, and both are fairly widely deployed. Unfortunately, there is work on your end that must be done in setting it up and maintaining it, whether that’s a yearly cost or attending keysigning parties. As a result, it’s not as widely used in practice as it could be. I’ve made it a personal philosophy that I won’t send mail unless it’s cryptographically signed. This is true both personally and professionally. I would love it if my family and friends took the steps necessary to verify the signature, but it just isn’t going to happen. End-to-end security with email seems to have more speed bumps than people are willing to handle. That won’t stop me though.
Anyway, I hope this was at least somewhat informative.