<div dir="ltr"><div dir="ltr"><br></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Mar 22, 2019 at 9:54 AM Henry Baker <<a href="mailto:hbaker1@pipeline.com">hbaker1@pipeline.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">At 06:13 PM 3/21/2019, Yoav O Yerushalmi wrote:<br>
>Have you looked at existing tool/systems like hush mail or protonMail ?<br></blockquote><div>.. <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
>> What is the best (most secure & easiest to<br>
>> use) system for *non-crypto* people to use<br>
>> who have different platforms?<br></blockquote><div> ....</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
In particular, I didn't want encryption built into:<br>
<br>
* email<br>
* browsers<br>
* compression (e.g., 'zip')<br>
* pdf<br>
</blockquote><div><br></div><div>I assume you do want compression.<br>And I assume before encryption.<br>Data compresses differently so compression needs to be adaptive.<br>Abuse of decompression bombs intentional or not is a consideration.<br><br></div><div>The reuse of pass phrases and keys requirement opens a lot of questions and is in isolation is itself a project.<br>Even if secrets are well hashed the phrases and keys information needs to be well managed.<br>So there is hidden in this a pass word management function a key management tool specification.<br>That is a difficult topic. It need not be all present at day one but for sure thought through so it can<br>all be addressed. <br><br>The key management tool likely needs to stand alone and may need an audit function <br>for businesses. What is the life of these keys and phrases? If six months<br>and three are sent a day then there is a 3x180 FIFO rolling key set to manage.<br>If different packages have different retention requirements then the meta data needs <br>a date and retention policy. The key management tool might need integration into the<br>packaging system for usability but keeping secrets in a multi purpose tool is a security<br>risk... <br><br>A key management tool seems central to this project.<br>It needs to remember keys sent to you, remember keys used, as well as keys generated.<br>It needs a function "Was this used before?" which need only test a table of <br>hashed keys which is still a risk to protect. <br>In an audit litigious world with millions of $$ on the line some proof that<br>the data intended to be sent was sent and the key communicated correctly makes sense.<br>The packaged collection of files implies multiple authors and tracking.<br>Thus the table of contents (meta data) of the package likely needs digital signatures.<br>Payment schedule.doc signed by finance, engineering documents signed by engineering.<br>contract draft signed by legal. marketing names and stuff signed by marketing eyes only too,</div><div>test-results.doc, change-log.doc.<br><br>Each sub document author's keys need to be managed and verified. The packager<br>needs to sign the package then deliver it. The package structure may need compartments <br>and internally have encrypted and signed content. The package author can verify keys<br>that may not need to be verified by others. <br><br>Simply sharing the encryption key allows any with the shared pass phrase the opportunity to alter<br>and encrypt the package thus as evidence and for contracts there is no value only safety<br>while in transport. The structure of the package needs to allow signatures and integrity checks.<br><br>Should keys be archived, purgeable or revokable in the key management process.<br>If the employee doing the packaging can a transfer be made.<br>Can management audit, should management adit.<br><br>Done correctly and portably this is a product itself.<br><br>A simple person2person transfer is simple. The party line games are more interesting and</div><div>big money implies an audit trail.</div><div><br><br></div></div><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"> T o m M i t c h e l l<br></div></div></div></div></div></div></div>