
Secure Email

The world has outgrown SMTP, it's as simple as that. It's old, insecure and unreliable in its implementation variety. I have been advocating for a while an IPv6-style long-term replacement strategy for Internet email transport, but in the meantime (or possibly forever) we must live with what we have.

Without getting into the slightly complex political ramifications, we already have cheap or free and open options for digitally signing and/or encrypting email that integrate with popular Windows, Mac and Linux mail clients.

One very thorny issue, however, is the whole CA (Certificate Authority) structure and the associated costs. But there are simple solutions that, while not 100% perfect, are 110% better than unprotected email.

One of the pieces in the puzzle is running your own self-signed CA. For a small business (or large business), however, the supporting infrastructure of a self-signed CA can seem daunting. Mostly, that is just because the command-line arguments of the OpenSSL software are complex and sometimes counter-intuitive. A recent O'Reilly Network article (available at this link) has some good instructions about OpenSSL CAs and PKI (public key infrastructure), but its ideas about making S/MIME email parts at the command line are not what I would consider to be best practice!
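A minimal version of the self-signed CA described above, as an added example rather than code from this post or the O'Reilly article: it creates a CA, issues one email-only certificate, and bundles it as PKCS#12 for import into a mail client. The function names, organisation name, address, password and file layout are constructed placeholders.

```shell
#!/bin/sh
# Added example: private CA issuing one S/MIME certificate.
# Organisation name, address and password are constructed placeholders.
# -nodes leaves keys unencrypted so this runs unattended; encrypt ca.key in real use.
make_mail_ca() {
    dir=$1 email=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # One config for every step, so nothing depends on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[smime_ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = emailProtection
subjectAltName = email:$email
EOF
    # 1. CA key plus self-signed root certificate (the trust anchor).
    openssl req -x509 -config "$dir/ca.cnf" -extensions ca_ext -newkey rsa:2048 \
        -nodes -sha256 -days 3650 -subj "/O=Example Ltd/CN=Example Ltd Mail CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key"
    # 2. User key and certificate request.
    openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Example Ltd/CN=$email" \
        -keyout "$dir/user.key" -out "$dir/user.csr" 2>/dev/null || return 1
    # 3. CA signs the request with email-only extensions (1 year).
    openssl x509 -req -in "$dir/user.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$dir/ca.cnf" \
        -extensions smime_ext -out "$dir/user.crt" 2>/dev/null || return 1
    # 4. PKCS#12 bundle (key, certificate, CA) for import into the mail client.
    openssl pkcs12 -export -inkey "$dir/user.key" -in "$dir/user.crt" \
        -certfile "$dir/ca.crt" -passout pass:change-me \
        -out "$dir/user.p12" 2>/dev/null || return 1
}

# Succeeds only if user.crt chains to ca.crt and is valid for S/MIME signing.
verify_mail_cert() {
    openssl verify -CAfile "$1/ca.crt" -purpose smimesign "$1/user.crt" >/dev/null 2>&1
}
```

Correspondents only need `ca.crt` installed as a trusted root; `ca.key` never leaves the CA machine.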

12:36 AM, 08 Sep 2003 by Mark Aufflick