X.509 / PKI, PGP, and IBE Secure Email Technologies
James A. Donald
jamesd at echeque.com
Wed Dec 7 11:40:33 EST 2005
--
From: Ed Gerck <edgerck at nma.com>
Subject: X.509 / PKI, PGP, and IBE Secure
Email Technologies
> http://email-security.net/papers/pki-pgp-ibe.htm
>
> X.509 / PKI (Public-Key Infrastructure), PGP (Pretty
> Good Privacy) and IBE (Identity-Based Encryption)
> promise privacy and security for email. But comparing
> these systems has been like comparing apples with
> speedboats and wingbats. A speedboat is a bad apple,
> and so on.
We can, and should, compare any system with the attacks
that are made upon it. As a boat should resist every
probable storm, and if it does not it is a bad boat, an
encryption system should resist every real threat, and
if it does not it is a bad encryption system. And no
blaming the users. An encryption system must
accommodate the user, not the user the system.
Problem 1: The primary weakness of existent email is
its vulnerability to after the fact investigations.
Problem 2: The secondary weakness is ease of forgery. So
far spammers are not making much effort to forge their
way through your white lists, but phishers are forging
the identities of organization's with which you are
likely to have relationships.
Most efforts have been directed at problem 2, but the
true names approach as failed for web sites, and it is
too burdensome for people even to try for email
The user interface has to be a web page button "Please
click here to us to send, and you to whitelist, our
emails about blah blah " User clicks. Browser Chrome
pops up. "Will you white list emails signed by public
key YJQwlHzIzHP7nm04t3CFcrjFlMY, apparently
controlled by website www.bankofadelaide.com, common
name Bank of Adelaide, current favorite name
/favorites/banks/Bank of Adelaide - Home - Personal,
proposed petname banks/Bank of Adelaide - Home -
Personal
The spam filter has to pop up THE EXACT SAME BROWER
CHROME, when the user tells it to whitelist a signed
email that has been wrongly spam filtered.
Crap with certificate authorities or web of trust just
is not flying, and is not going to fly.
But, of course, the really serious attack is problem 1,
the problem that there are too damn many copies of email
floating around, due to sending it in the clear and the
store and forward architecture, which has got lots of
people into really deep trouble.
The only copies should be those that the sender, and the
receiver, choose to keep, and they should be encrypted
with the user's email passphrase, the user's email
passphrase should be known only to the client, not to
the server, and the user's passphrase should have all
the usual strengthening to minimize the effectiveness of
offline dictionary attack. To limit the number of
possible copies, email should be sent by a direct
connection from the client to the recipient mail server,
rather than this store and forward crap.
Of course this is not email as we know it. It is a new
and wholly incompatible protocol, which can be
transparently gatewayed to email as we know it.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
EHhbMLsVYHKM99sSClQYV0/o/XVA5PN4UrXpsU0v
4ca9QRhhmxSqwOK6ef12X8jbDKTR/AMD0r8RQzn9j
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list