PGP CTO Blog

The first paper I published on that vision, " Improving Message Security With a Self-Assembling PKI," was presented at the 2nd Annual PKI Research Workshop in April 2003. In that paper, I described how we are re-thinking the way encryption and security works. I described this change in thinking as a change in metaphor from the “telephone” metaphor to the “messenger” metaphor. This change is as profound to the way security works as the change in basic computing to the “desktop” metaphor brought about by a change in the way we view and use computers.

The first product we made that fulfilled that vision was PGP Universal™. It's a server-based system that is the “secure robot messenger” I described in the PKI paper. Best of all, it works. It's so simple that the CTO can use it. Heck, it's so simple that even the CTO's retired parents can use it.

We are now introducing our next-generation products, PGP® Desktop 9.0 and PGP Universal™ 2.0, as well as the new PGP® Global Directory service hosted by PGP Corporation. The combination of these new products and services is a refinement of our use of servers and introduces our new way of thinking across our product suite. These products solve real-world problems you deal with every day, and here's why you should care.

Vision and Goals
Interoperability
PGP Desktop 9.0
PGP Universal 2.0
PGP Global Directory
Conclusion

Vision and Goals
We are working on solving the problem of getting people to use more secure email. This is a big problem that we can't solve alone or overnight, but we have decided that we must take the lead in designing a solution.

The old way of doing secure email still works and is very secure. It is also reasonably easy to set up and use. It even scales fairly well: The global OpenPGP public key system is the largest PKI in the world and contains several million keys. There are close to 2 million of them on the legacy public PGP® Keyserver and many more on other keyservers and websites.

Because we want everyone to use it, however, we need that system to scale to billions, not millions of keys and users. We believe that the more people there are using secure email, the more secure the overall system will become. Consequently, we must make security completely automatic, open in design, and usable by people who don't know or care about the workings of secure email any more than they do about the workings of telephones.

If you're used to the OpenPGP way of secure email, it's still there and still provides good security. What we're building is an extension to it, not a replacement for it.

We are coming up with new mechanisms for security that satisfy the need for automatic operation, seamless integration with existing security solutions, and user transparency. Our new designs don't require plugins, even though you may still use one of ours or someone else's. Our approach is to move from requiring plugins and applications to software that works directly in the network stack by proxying protocols for email, instant messaging, and more. The new designs also work with other people's software and even with other messaging protocols, including S/MIME for the first time throughout our product suite. Finally, we"ve added flexibility in how people find keys, publish them, and do so reliably with ”enough” security.

Interoperability
The most important thing we've done is to use interoperable pieces. In other words, we didn't throw the baby out with the bath water.

We make use of open, interoperable, distributed, scalable systems. Every PGP Universal Server is a keyserver. We use the same well-publicized LDAP schema that we've used since 1997. If you're technically inclined, all you have to do to play in this new game is set up an LDAP keyserver at the DNS host of keys.domain (that is, keys.pgp.com) and you're part of the system.

We also have declared peace in the certificate and message format debates. We don't care whether you use X.509, OpenPGP, or S/MIME. We'll use whatever format you want because we now support them all. And if we don't do something, please let us know. We may add an XML-based message format in the future, for example. After all, one size doesn't fit all.

We believe this strategy is paying off for the general good. One of the main reasons most email is still unencrypted is the balkanization of formats. I've been saying for years that just as there are multiple formats for displaying pictures in a Web page, there are multiple formats for security. The reason we have different formats is that they serve slightly different purposes. We're tickled pink that Entrust announced in February it will be supporting OpenPGP, too. This support will make security better for everyone and make it easier for us to interoperate with traditional PKIs. It also verifies that we're right about new models of security when one of the leaders of traditional PKIs joins our parade.

PGP Desktop 9.0
The first thing you'll see when you start using PGP Desktop 9.0 is that the UI has changed. We've changed things to more closely follow the native UI of the operating system. The Windows version looks like the rest of the Windows interface, and the Mac OS X version looks like an OS X native program. We believe there has to be tight integration with the operating system to make the product usable to people.

When you look at keys and certificates in the windows, you'll find that we've streamlined the display and now let you to edit all sorts of things in keys you couldn"t edit before. You can now change what algorithms you use, set a default keyserver, and so on. We"ve also added smart keyrings, allowing you to create virtual keyrings that show you, for example, all the keys you have for people in xyz.com.

When you start using PGP® Desktop for email, you will see that something is missing: the Encrypt button. This button has disappeared because we have integrated the PGP Universal concept of policy-driven encryption into PGP Desktop. Plugins have always been a pain: They are hard to write, hard to maintain, and often work differently for the same email client on different operating systems. We have kept the PGP® SDK interfaces, and other plugins such as those for Mailsmith and Pegasus continue to work just fine. On the other hand, the new way of using proxies and policies means we now also support Thunderbird, The Bat, or any other mail client you care to use. We do this by using a network proxy, the same proxy we use in PGP Universal Servers, but with tweaks for desktop use. Think of it as a desktop firewall that does “automagic” encryption for you.

Instead of having an Encrypt button, you can simply set the "Confidential" flag on your message. Or perhaps you'd like to have a trigger in the subject line such as the word "secret" or perhaps an "*" to be your Encrypt button. You can even have PGP Desktop scan the body of the message for text or patterns to trigger encryption or signing. You can also set it up so that whenever you send messages to certain people or domains, it will encrypt or sign them automatically. Best of all, you can set strategies for searching for keys and enforcing encryption so there's no danger of accidentally sending a message in the clear. As I mentioned earlier, we also now support S/MIME in PGP Desktop, so if you send a message to one person who has a PGP key and another with an X.509 certificate, it will send the right format to the right person.

This is a huge improvement over what's gone before. With PGP Desktop 9.0, you now have fine control over how encryption happens, yet when you're actually sending email, you don't have to think about it because the right thing just happens--automagically.

Our new way of thinking about encryption also extends to instant messaging. PGP Desktop 9.0 includes automatic AOL® Instant Messenger™ (AIM) traffic encryption. Because this is also a proxy, it doesn't matter which AIM client you use--AOL's, Trillian, or Apple iChat. If you start a conversation with someone else who has PGP Desktop 9.0, your conversation is encrypted without your doing anything.

The last major improvement in PGP Desktop 9.0 is full disk encryption, which is currently available for Windows XP only. As the name suggests, PGP® Whole Disk encrypts the entirety of the disk. It works on the boot volume as well as other disks, including removables such as flash drives. PGP Whole Disk is not a replacement for the traditional PGP® Disk (which we now call PGP® Virtual Disk). Virtual disks are like data safes. They are places to put things such as your financial data that you don't use every day, but you want kept secure. In comparison, PGP Whole Disk encryption shines at making the computer itself more secure. It protects the whole machine, making it unbootable without a passphrase or crypto token. It protects your data when you upgrade your machine or if it is lost or stolen. This new option extends the way PGP® encryption protects your data at rest from individual files, to collections of files, all the way to entire volumes.

PGP Universal 2.0
PGP Universal 2.0 is the next release of our server-based encryption system, which includes new fine-grained system management improvements and better support for Exchange and Notes servers. There are also improvements in system security. For example, we've introduced an (optional) "ignition key" for the server, which offers a way to use a smart card as an inexpensive hardware security module, allowing the security database to be encrypted on disk, decrypted at boot time, and stored in secure memory on the server. You can also have multiple administrators, each with one of the five different security levels, ranging from read-only admins to super users.

Most important, PGP Universal now integrates with all PGP® client systems. There are two types of clients: PGP Universal™ Satellite, the basic client with a minimal UI, and PGP Desktop 9.0. In previous versions of PGP Desktop, we had tools for managing groups of PGP Desktop users. These tools coordinated with the PGP Keyserver. Now, those functions are rolled into PGP Universal, which is the management system for groups of people using PGP solutions. PGP Universal works not only as a mail and policy processing system, but also as a keyserver and deployment tool. You can have a cluster of PGP Universal Servers, too, each with a different role in the integrated system.

This new way of working has many benefits. PGP Desktop can work with PGP Universal better than either could do alone. Policy-driven encryption works best when coordinated between the user's system and a server. For example, many of the complex policies, such as searching a message for keyword text, are better done on the desktop system than on the server, so we do them there. Expert users can augment the server policies with their own policies to upgrade (but never downgrade) message security. If you use PGP solutions in your organization, you'll be delighted with the coherent cooperation between PGP Desktop and PGP Universal Servers. Scaling PGP encryption throughout a large group is easy, as is configuring it for different groups with different needs.

PGP Global Directory
The last part of our integrated system is the PGP® Global Directory, our replacement for the legacy public PGP® Keyserver. Just as this legacy keyserver was built on the old PGP Keyserver product, the new PGP Global Directory is built on a new feature of PGP Universal 2.0, the Verified Key Directory (VKD). Every PGP Universal Server comes with a VKD, and the new PGP Global Directory is a slightly modified version of the VKD. We are not yet productizing the PGP Global Directory enhancements to the base VKD, but we may do so in the future.

One long-time barrier to widespread use of encryption has been finding the right key or certificate for a recipient. PGP keyservers provide a good way to search for keys; however, the previous generation of keyservers was completely trust-neutral, so keys tended to accumulate. There was no way for you to retire an old key or to cope with bogus keys.

The new PGP Global Directory solves this problem by using an email round-trip to verify that your key and your email address are associated--and then re-verifies these connections every 6 months. It also protects against spammers harvesting addresses by not allowing searches that yield more than one response.

The PGP Global Directory uses the same LDAP directory structure that has been used for years, and is therefore compatible with any OpenPGP-based system that can use an LDAP keyserver; the additional management features we"ve included are layered on top of that foundation.

What this all means is that there is now an open, integrated, distributed, and verified key management system that anyone on the Internet can use to find someone's PGP key. The PGP Global Directory, every PGP Universal Server, and even other servers such as Hushmail's key directory are all parts of a unified security system that PGP Desktop 9.0 uses to transparently encrypt and sign emails.

Conclusion
The new PGP® product releases are significant because they finally bring to the world what we've been thinking about for years. Ubiquitous security, starting with email, going to instant messaging and then to other protocols, is finally here. It's simple, usable, and scalable.

PGP News Feed