Several analysts are willing to sell you surveys regarding the use of
encrypted e-mail. Full disclosure: I'm a contributing consultant with one
of these firms, Ferris Research (www.ferris.com).
With regard to web-based secure e-mail (as sold by Tumbleweed, ZixCorp,
Sigaba, Authentica, and others), they are probably the most commonly used
solution, though they are not, strictly speaking "e-mail". They are
excellent for a B2C environment, but have significant issues when deployed
in a B2B situation.
Another system that is gaining popularity is domain (border) encryption
using S/MIME gateways. This is in use today by the FDA and Pharmas, as well
as in New Zealand's SEEMail system. In addition, the Open Group and
Massachusetts Health Data Consortium (the latter of which I also consult
for), are developing a product certification program for these. The primary
driver for this is to allow MA healthcare organizations to have
HIPAA-compliant e-mail with business partners.
Indeed systems that require broad deployment of PKI are considered
non-starters by most organizations I've worked with.
1 Moon Hill Road
Lexington, MA 02421
From: "Anders Rundgren" <anders(_dot_)rundgren(_at_)telia(_dot_)com>
Date: Sat, 29 May 2004 16:32:35 +0200
To: "Juergen H" <jha(_at_)aon(_dot_)at>, <ietf-smime(_at_)imc(_dot_)org>
Subject: Re: Survey about S/MIME or the use of encrypted eMails in general
There are some good surveys about spam, viruses etc -
but I didn't find something interesting about encrypted eMails.
Due to the absence of a working key-distribution system
encrypted mail is mainly a nice theory. You will probably
get messages from people claiming that they are "encrypting
e-mails all the time" but they do not represent the bulk of the
Actually, there is a de-facto system for secured messaging
that has considerable advantages over S/MIME and that is to
use e-mail notifications containing https links to web-sites
where the user can (after authentication) access messages which
does not have to be encrypted as the communication between
the web-site and the user is protected by SSL. This scheme
also allows a user signing off that he or she really has seen
(downloaded) a message. This is the scheme e-governments
will most likely use for C2G messaging.
Another problem with message encryption on a wider scale
is that if you lose the encryption key you probably lose the
information as well.