how email encryption should work (and how to get it used...)
Amir Herzberg
herzbea at macs.biu.ac.il
Wed Mar 30 06:00:35 EST 2005
I think this is a good summary of how it should work, except, that I
don't think messages should be signed by default, only authenticated
(MAC). Users should be clearly aware of making a non-repudable statement.
Plus, it may be preferable to use something like matasignatures.org to
ensure authenticated e-mail does not alarm recipient with non-compliant
e-mail clients.
A missing element is motivation for getting something like this
deployed... I think spam could offer such motivation; and, I strongly
believe that a cryptographic protocol to penalize spammers could be one
of the most important tools against spam. I've presented such a simple
crypto protocol (SICS) in SCN'04 [available off my site], and now work
on open-source implementation (with student Jonathan Levi) of an
improved version (SICSv2...), to be published soon. [I can send draft to
experts willing to provide feedback...]
Best, Amir Herzberg
James A. Donald wrote:
> --
> In my blog http://blog.jim.com/ I post "how email
> encryption should work"
>
> I would appreciate some analysis of this proposal, which
> I think summarizes a great deal of discussion that I
> have read.
>
> * The user should automagically get his certified
> key when he sets up the email account, without
> having to do anything extra. We should allow him the
> option of doing extra stuff, but the default should
> be do nothing, and the option to do something should
> be labelled with something intimidating like
> “Advanced custom cryptographic key management" so
> that 99% of users never touch it.
>
> * In the default case, the mail client, if there are
> no keys present, logs in to a keyserver using a
> protocol analogous to SPEKE, using by default the
> same password as is used to download mail. That
> server then sends the key for that password and
> email address, and emails a certificate asserting
> that holder of that key can be reached at that email
> address. Each email address, not each user, has a
> unique key, which changes only when and if the user
> changes the password or email address. Unless the
> user wants to deal with “advanced custom options”,
> his “from” address must be the address that the
> client downloads mail from – as it normally is.
>
> * The email client learns correspondent's public
> keys by receiving signed email. It assigns petnames
> on a per-key basis. A petname is also shorthand for
> entering a destination address (Well it is shorthand
> if the user modified it. The default petname is the
> actual address optionally followed by a count.)
>
> * The email client presents two checkboxes, sign and
> encrypt, both of which default to whatever was last
> used for this email address. If several addresses
> are used, it defaults to the strongest that was used
> for any one of them. If the destination address has
> never been used before, then encrypt is checked if
> the keys are known, greyed out if they are unknown.
> Sign is checked by default.
>
> * The signature is in the mail headers, not the
> body, and signs the body, the time sent, the
> sender's address, and the intended recipient's
> address. If the email is encrypted, the signature
> can only be checked by someone who possesses the
> decryption key.
>
> * If the user is completely oblivious to encryption
> and completely ignores those aspects of the program,
> and those he communicates with do likewise, he sends
> his public key all over the place in the headers,
> signs everything he sends, and encrypts any messages
> that are a reply to someone using similar software,
> and neither he nor those he corresponds with notice
> anything different or have to do anything extra –
> other than that when he gets unsigned messages, or
> messages with an key different from the previously
> used key, a warning comes up – an unobtrusive and
> easily ignored warning if he has never received a
> signed message from that source, a considerably
> stronger warning if he has previously received
> signed mail from that source.
>
> --digsig
> James A. Donald
> 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
> gOiN3HXQALAQHbKEOYdu/aZClRbPTEfjzyLpGAMx
> 4dJddm3vIwGuBnfc933djUV6zT4DWvM26KobmzFyC
>
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>
> .
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list