crypto flaw in secure mail standards

Don Davis dtd at world.std.com
Sat Jun 23 20:59:23 EDT 2001


At 10:15 AM -0500 6/22/01, Don Davis wrote:
> All current secure-mail standards specify, as their
> "high-security" option, a weak use of the public-key
> sign and encrypt operations.

please forgive my failure to reply to the list
members' comments individually, but my paper has
attracted so much mail, that i can't fulfill my
obligation to answer each of you courteously.

your critiques fall into a few categories:

   * old news; there's no new crypto problem here;
   * not a crypto problem, but a foolish-user problem;
   * not a crypto problem; the attacks work even
     without encryption, and even with surface mail;
   * not a crypto problem, because the problem is
     easily fixed with signed header-info, or with
     signed salutations.
   * this problem is one of a large class that's
     too hard to fix in full generality.

my paper raises almost all of these points, and i
agree with all of them, except with their common
theme: "it's not really a crypto problem."  in my
paper, i argue that there _is_ a clear-cut lapse of
good crypto-protocol design here.  the most basic
difference between my claim and the critiques, is
about usability.  i believe today's secure-mail
protocols should fulfill today's users' rather
naïve and inarticulate expectations about security
and ease-of-use.  unfortunately, today's secure-mail
protocols were designed before these naïve newbie
users flooded into the net.  this isn't the fault
of the diligent and brilliant engineers who
contributed to the various secure-mail standards.  but,
i suggest that it's more realistic to revisit their
work, and to change the secure-mail protocols and
products, than it is to try to change all of the
net's naïve users into crypto-aware users who can
wield the current secure-mail products effectively.

				- don davis, boston












---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



