Lawyers Would Rather Fly Than Download PGP

An anonymous reader writes "The NYTimes is running a front-page story about lawyers for suspects in terrorism-related cases fearing government monitoring of privileged conversations. But instead of talking about the technological solutions, the lawyers fly halfway across the world to meet with their clients. In fact, nowhere in the article is encryption even mentioned. Is it possible that lawyers don't even know about PGP?" The New Yorker has a detailed piece centering on the Oregon terrorism case discussed by the Times.

S/MIME, anyone?

[danaris]

What is it with the Slashdot crowd and PGP? What's wrong with S/MIME?

I can say with some authority, having been evaluating and testing it for my company for some months now, that it is natively supported by current versions of the 3 major email clients (Outlook, Thunderbird, and Apple Mail), and that their implementations are, by and large, compatible.

So...are there any particular issues with S/MIME that make PGP a significantly more desirable solution?

Dan Aris

Re:S/MIME, anyone?

[Tacvek]

What is it with the Slashdot crowd and PGP? What's wrong with S/MIME?

I can say with some authority, having been evaluating and testing it for my company for some months now, that it is natively supported by current versions of the 3 major email clients (Outlook, Thunderbird, and Apple Mail), and that their implementations are, by and large, compatible.

So...are there any particular issues with S/MIME that make PGP a significantly more desirable solution?

Dan Aris

I think many Slashdot poster prefer OpenPGP encryption to S/MIME because OpenPGP is not email specific, and having 2 different keys (an S/MIME email key, and a PGP key) is not ideal. Further I suspect the PGP Web of Trust model is preferred by many of us to the CA model. Of course, there are ways around both things, but it may be slightly easier to use PGP for email than to deal with those issues. However, for your uses (depending on what they are), S/MIME may indeed be the best solution.

Re:S/MIME, anyone?

[Chandon+Seldon]

OpenPGP software allows you to easily self-generate valid keys. Doing the same with S/MIME (self-signing certificates) is really obnoxious. Further, OpenPGP clients tend to support a web-of-trust introduction model which is strictly better for actual security than the centralized commercial PKI model that S/MIME software tries to force on users.

For sending secure messages within a medium to large sized organization there is some argument for S/MIME using a local CA, but even then simply emulating the same effect with a organization PGP key signer and key server is probably cleaner.

Re:How my conversation went...

[Actually,+I+do+RTFA]

inally the lawyer who had just spent a few days at a HIPPA conference sees the light. DING DING DING Clueless I swear.

Don't confuse your specialized knowledge with common knowledge. Your phrasing assumes that encryption, as a word, conjures up images as it would in a geek's mind (and more than five years earlier than now, when it was less well known.) Obviously they explained it better at the HIPPA conference.

Really, I doubt had I not already know what encryption, or the ease of e-mails being read by third-parties, I would have gained nothing from your explaination.

A possible alternative: It is easy for any third party to read your e-mails. Encryption uses a password (or automatic process) on both ends to make sure that only you and your recipients can read the e-mail. It also verifies that the person who claims to have sent the e-mail did, since falisifying the sender of an e-mail is also very easy.