I’ve been doing a lot more experimenting after my last post, and looking back I realize now that I came into this with a very strong PGP bias.
Don’t get me wrong – I still think PGP is neat. It’s the most flexible in pure terms, and because there are open-source versions of it there is a solution for almost every need. The problem is that in day-to-day use, they almost all get pretty tiresome pretty quickly.
I also realized that while Thawte’s process for getting a key is a bit lumpy, it’s really not as bad as I thought. First, you can have multiple IDs in one key. Second, you can export the keys from one application to another. True, you do have to enter the password three times, but two of those times are because it’s offering to let you choose a new password.
Thunderbird with Enigmail is the most graceful solution for free. It is really slick, with the PGP part working as smoothly as the Digital ID – s/mime part. If I had to use both, it would be my first choice.
The thing about s/mime (what I was improperly calling Digital ID) is that it’s really quite transparent in daily use, but not so invisible that you don’t know if it’s working or not. A small lock or ribbon icon on an email confirms that it’s secure, while in Outlook it even prevents you from viewing the email in the preview pane.
Transferring keys is different as well – the software can be set to send your key (they call it a certificate) when you send a signed email. This allows the recipient to pull your key in and use it to send you encrypted email in the future.
Key management isn’t as bad as I thought. While they may expire (I’m not sure they all do), the system keeps track of them more or less automatically – at least in my brief experience it seems to. They are reasonably easy to back up as well, and don’t seem to be computer-dependent as I had originally thought.
So, while I had thought PGP was the easier method, I now believe s/mime is easier – at least it has been in actual use.