What is S/MIME?
S/MIME is the name given to Secure MIME, or secure encryption of attachments when they are added to email messages. S/MIME requires both a private and a public key. The public key is stored and made available to those who wish to send the user an encrypted message. So, to send a message via S/MIME, the sender must look up the public key in a global directory or already have it available. Once the key has been found, the sender must encrypt the message/attachment and forward it to the destination server.
In order for the message to be read, the encrypted message must be decoded by the mail client or by the mail server. There are issues with either of these solutions:
- Decryption by the mail client. At the current time, not many mail clients support S/MIME decryption. Further, there is the issue of configuring the mail client with the correct private key so that decryption works. Since messages are stored encrypted, if the key becomes compromised at any point in the future and must be changed, there is the risk that the messages will become unavailable.
- Decryption by the mail server. This requires the server to hold both the encryption and decryption key for each user. Clearly there will be additional load on the server as it manages each message, and messages are likely to be stored unencrypted on the server itself (there is no point in them being encrypted since the key is available on the server).
There are still several issues to be resolved:
- Global directories. To date, there are no global directories where public keys can be obtained. This means that finding the appropriate key can be challenging and may lead to users taking the path of least resistance and not encrypting information at all.
- Compatibility. There are some issues between different implementations of the S/MIME protocol.
- Compromised keys. Managing and revoking compromised keys without losing access to information is challenging.
While S/MIME has uses in very specialised areas where control of security options is straightforward, for most people, the additional cost of complexity is prohibitive.
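The encrypt-to-public-key flow and the key-replacement problem described above can be reproduced with the OpenSSL command line. This is an added example, not part of the original page; the recipient name, file names and message are constructed, and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example (constructed names and message): S/MIME encryption with the
# OpenSSL CLI, then the effect of replacing the recipient's key on stored mail.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a throwaway recipient identity: $1.key (private) and $1.crt (public).
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=alice@example.test" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Sender: encrypt stdin to the recipient's certificate ($1), write to $2.
# -binary stops OpenSSL rewriting line endings so the round trip is exact.
smime_encrypt() {
    openssl smime -encrypt -binary -aes256 -out "$2" "$1"
}

# Recipient: decrypt message $1 with identity prefix $2 (needs $2.crt, $2.key).
smime_decrypt() {
    openssl smime -decrypt -in "$1" -recip "$2.crt" -inkey "$2.key" 2>/dev/null
}

# True only if identity $2 recovers exactly the text $3 from stored message $1.
can_read() {
    [ "$(smime_decrypt "$1" "$2")" = "$3" ]
}

demo() {
    msg='quarterly figures attached'
    make_identity "$WORK/old"
    printf '%s\n' "$msg" | smime_encrypt "$WORK/old.crt" "$WORK/stored.p7m"
    can_read "$WORK/stored.p7m" "$WORK/old" "$msg" && echo "original key: readable"
    # Key replaced (for example after a compromise): new key pair, same mailbox.
    make_identity "$WORK/new"
    can_read "$WORK/stored.p7m" "$WORK/new" "$msg" \
        || echo "replacement key: stored message unreadable"
}
demo
```

Mail that was stored encrypted stays readable only while the original private key is retained, which is why a replaced key has to be archived for decryption even after it is no longer used for new messages.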