crypto flaw in secure mail standards
Don Davis
dtd at world.std.com
Sat Jun 23 20:59:23 EDT 2001
At 10:15 AM -0500 6/22/01, Don Davis wrote:
> All current secure-mail standards specify, as their
> "high-security" option, a weak use of the public-key
> sign and encrypt operations.
please forgive my failure to reply to the list
members' comments individually, but my paper has
attracted so much mail, that i can't fulfill my
obligation to answer each of you courteously.
your critiques fall into a few categories:
* old news; there's no new crypto problem here;
* not a crypto problem, but a foolish-user problem;
* not a crypto problem; the attacks work even
without encryption, and even with surface mail;
* not a crypto problem, because the problem is
easily fixed with signed header-info, or with
signed salutations.
* this problem is one of a large class that's
too hard to fix in full generality.
my paper raises almost all of these points, and i
agree with all of them, except with their common
theme: "it's not really a crypto problem." in my
paper, i argue that there _is_ a clear-cut lapse of
good crypto-protocol design here. the most basic
difference between my claim and the critiques, is
about usability. i believe today's secure-mail
protocols should fulfill today's users' rather
naïve and inarticulate expectations about security
and ease-of-use. unfortunately, today's secure-mail
protocols were designed before these naïve newbie
users flooded into the net. this isn't the fault
of the diligent and brilliant engineers who contri-
buted to the various secure-mail standards. but,
i suggest that it's more realistic to revisit their
work, and to change the secure-mail protocols and
products, than it is to try to change all of the
net's naïve users into crypto-aware users who can
wield the current secure-mail products effectively.
- don davis, boston
-
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list