Written by Aaron Sherman. Copyright 2001. Permission is given to copy this document in it's entirety, without modification, in any media you choose. To distribute a modified or translated version, please contact the PPS maintainer at pps-maintainer@ajs.com
PPS is a specification for email programs to follow to exchange public keys and encrypt mail. There is no PPS ``program'', though. Each email system may find its own way to impliment PPS, and may have different criteria for the user-interface.
Yes and no. PPS provides a means by which secure email encryption can occur, however, by default PPS provides a given user with minimal security, and focuses instead on transparent key-exchange.
The idea is:
PPS always includes two headers in outgoing mail:
X-PPS-Version: MyMail/1.2.3.4/GPG X-PPS-Fingerprint: 6DC1 F67A B9FB 2FBA D04C 619E FC35 5713 2676 CEAD
When a PPS-compliant mail system sees these headers, it will automatically request that user's key in the next message to him/her.
No. PPS provides a way to perform key-exchange, but it requries the exchange of a number of email messages (usually 4, two from sender A and two from sender B).
Once keys have been exchnaged, then all email should be encrypted, if your mailer follows the specification.
Hopefully not. Your mailer makes this decision, but the PPS specification works very hard to make sure that everyone can use PPS by default.
If your mailer does the right thing, you should only have to do any work to maintain PPS if you want to rule out certian classes of active attacks. If you're not interested in encryption, you should always be able to ignore PPS, but the people who are interested in encryption benefit from the fact that even your email is encrypted.
No.
This may seem disasterous, but keep in mind the goal of PPS: transparent key exchange and encryption of email. If users had to maintain passphrases for their keys, that wouldn't be very transparent, would it?
The idea is that you can put a passphrase on your key, and most UIs will want to provide an optional way to manage that passphrase (e.g. do you want to keep it in memory?)
However, by default, host-bases security is not the domain of PPS. PPS concerns itself with key-exchange and encrypting all email. This is much more valuable to the overall goal of email privacy than getting everyone to understand how and why to manage their passphrase.
Not by default.
PPS uses underlying encryption mechanisms that allow users to verify their keys out-of-band using fingerprints, but again, by default PPS is not concerned with active attacks, but getting keys out there and in use.
The great part is, once you have exchanged email with someone for weeks, you might decide to send something that's sensitive. You call them on the phone, verify key fingerprints and then continue sending mail as always.
No evesdropper can tell that your level of security was just increased unless they're also tapping your phone. Traffic analysis becomes much less of an issue with PPS than without it.