Hosted S/MIME by Google provides enhanced security for Gmail in the enterprise (opens in new tab)

(security.googleblog.com)

36 pointsdbarlett9y ago16 comments

16 comments

Now that Google is shooting to be their own CA, couldn't they mass-generate S/MIME certificates for all their users?

Even if the sender and receiver is Google-hosted, they could still encrypt mail, so it's encrypted at rest if it's copied from a user's gmail account to their local mail via pop/imap? And, since Google would be generating the private key, they could also decrypt it server-side in their secure environment, do whatever scanning for advertising/spam classification, and still deliver the same product?

As other users have pointed out, if you're trying to protect against an adversarial Google, you've already lost by using gmail. If you're going to trust them with message composition software, and transport, just go in whole-hog.

As far as I can tell, Google seems to have their security ducks in a row, and take this stuff seriously. Deployed correctly this could be another "raising the bar" event on email security, and help mitigate against servers still not requiring tls/ssl on port 25.

irq-19y ago

Not only should they mass create keys for all accounts, but they should make (other/more) keys available for any purpose. An open system where most email addresses come with a set of keys would enable many types of encryption systems (file sharing, login, messaging, etc...) Users would still have keys managed by Google (or IT, or their webmail host) so they don't have to understand key management, and they'd have someone to call when things break.

mikecb9y ago

AFAIK the recent key transparency initiative is also the missing link in bringing the end-to-end to Gmail for real.

compuguy9y ago

FYI, this is only supported by the G Suite Enterprise tier, Business and Basic do not have S/MIME support.

RKearney9y ago

> To use hosted S/MIME, companies need to upload their own certificates (with private keys) to Gmail, which can be done by end users via Gmail settings or by admins in bulk via the Gmail API.

So this is just to give the illusion of privacy and security then?

advisedwang9y ago

It gives protection against eavesdropping of messages in transit, so it's better than nothing (Even SSL+SMTP allows email relays to see the email in the clear). However it does not protect against an attacker who gets into your GMail, does not protect against warrents/NSLs/subpoenas against Google, does not protect against your domain admin accessing your message.

cvwright9y ago

I can't tell if you're agreeing or disagreeing with the parent comment.

2 more replies

chimeracoder9y ago

If you want to protect against an adversarial Google, you shouldn't be using Gmail at all.

If you want to protect against an adversarial nation-state, well, power to you, but it's an uphill battle. Use PGP, not S/MIME, and pray that everyone else knows how to use it perfectly, making no mistakes at any point ever.

ams61109y ago

TBH, if you want to protect against an adversarial nation-state, don't use email. Full stop.

stuckagain9y ago

S/MIME or other payload encryption is strictly better than SMTP STARTTLS alone because adversaries can easily defeat STARTTLS if they stand in the middle of the connection. Being so positioned will not allow them to disable S/MIME.

legulere9y ago

> end users have to manually install certificates to their email applications

This really is a problem that could be reduced. For instance there is no easy way to copy the S/Mime certificate from my macbook to my iPhone

epistasis9y ago

It's been several years since I experimented with this, but I recall that S/MIME on an iPhone was much easier to setup than GPG anywhere else, including the desktop. I think I used a USB transfer, but googling now shows guides that allow emailing a password encrypted p12 file.

CA and Web of Trust both require verifying the key fingerprints of yo want to be serious about it, but smime was much more easy to use overall.

mtgx9y ago

I wonder if Google is starting to get worried about services such as ProtonMail.

compuguy9y ago

I doubt it, since S/MIME is only for the highest G Suite tier, Enterprise.

j / k navigate · click thread line to collapse

16 comments

jasonjayr9y ago

Now that Google is shooting to be their own CA, couldn't they mass-generate S/MIME certificates for all their users?

irq-19y ago

mikecb9y ago

AFAIK the recent key transparency initiative is also the missing link in bringing the end-to-end to Gmail for real.

compuguy9y ago

FYI, this is only supported by the G Suite Enterprise tier, Business and Basic do not have S/MIME support.

RKearney9y ago

> To use hosted S/MIME, companies need to upload their own certificates (with private keys) to Gmail, which can be done by end users via Gmail settings or by admins in bulk via the Gmail API.

So this is just to give the illusion of privacy and security then?

advisedwang9y ago

cvwright9y ago

I can't tell if you're agreeing or disagreeing with the parent comment.

2 more replies

chimeracoder9y ago

If you want to protect against an adversarial Google, you shouldn't be using Gmail at all.

ams61109y ago

TBH, if you want to protect against an adversarial nation-state, don't use email. Full stop.

stuckagain9y ago

legulere9y ago

> end users have to manually install certificates to their email applications

This really is a problem that could be reduced. For instance there is no easy way to copy the S/Mime certificate from my macbook to my iPhone

epistasis9y ago

CA and Web of Trust both require verifying the key fingerprints of yo want to be serious about it, but smime was much more easy to use overall.

mtgx9y ago

I wonder if Google is starting to get worried about services such as ProtonMail.

compuguy9y ago

I doubt it, since S/MIME is only for the highest G Suite tier, Enterprise.

j / k navigate · click thread line to collapse