[Cryptography] The next generation secure email solution

Phillip Hallam-Baker hallam at gmail.com
Tue Dec 17 11:46:56 EST 2013 

On Tue, Dec 17, 2013 at 1:29 AM, John Gilmore <gnu at toad.com> wrote:

> > Need a system for handing one's keys around that protects end users from
> > the horrifying sight of actual keys or actual strong hashes of keys.
>
> But at the same time the system has to not say, "I can't deliver your
> message to that person because an invisible gnotzaframmit that I won't
> describe to you seems to be unavailable to me in the flabogrommit."
>

There are different use cases that need to be solved.

How much security we provide is going to be limited by the amount of effort
a user can or will put in.

Trust infrastructure is an obvious potential point of failure. But in the
real world none of the models that are used has a significant failure rate.
I can even pick up a key from a PGP server that does nothing to
authenticate the published keys and it is most probably the right one.


So while developing a better trust infrastructure that offers more security
and is easier to use is certainly a worthwhile goal, it is much better for
people to use any of the existing end-to-end email schemes with their
possible flaws than to send the message without encryption.

If everyone was using strong end to end encryption and we discovered that
the trust model was being exploited then we could fix the trust model much
more easily than the problem we currently face which is getting people to
use strong crypto at all.

I don't specify what the trust infrastructure is or how it works in PPE. I
have a proposal that merges OpenPGP and S/MIME but other people might have
other ideas. And even if my proposal was right for 99% of users, the
remaining 1% might have a different set of requirements.


In PPE I have three types of email address:

Mail with the to address alice at example.com will be encrypted on an
opportunistic basis. That is, it will only be sent encrypted if the trust
infrastructure returns an assertion bound to that address that says '
alice at example.com prefers email encrypted under key X'.

Mail with the to address ?alice at example.com will only be sent if it can be
sent with end-to-end encryption with a key that meets the sender's trust
criteria.

Mail with the to address
AALNAT-USYLKI-WT5OKIK-QFPDQ2-PDA at alice.example.comwill only be set if
the senders trust criteria and the criteria specified
by an email sending policy signed by a key authenticated under the
specified hash are both met.


The first two approaches are easy to use but require reliance on a trust
infrastructure. The last is a direct trust model that does not require any
third party to be trusted.

We can certainly get a lot of users using the first approach because they
don't even need to know that they are using it. I think we can even get
people to use the third if it is sufficiently sugar coated.

The gap between strong email addresses and using a regular email address
plus a PGP fingerprint might seem small but so are the differences in
usability between Windows CE, PalmOS and the iPhone 1.

Combining the fingerprint into the address makes it possible to exchange a
strong email address in (almost) every venue that supports regular emails.


-- 
Website: http://hallambaker.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131217/10a3ebfc/attachment.html>

More information about the cryptography mailing list