[Cryptography] Email is unsecurable

ianG iang at iang.org
Mon Nov 25 01:01:31 EST 2013


On 23/11/13 15:30 PM, Ralf Senderek wrote:
>
> On Sat, 23 Nov 2013, David Mercer wrote:
>
>> But of course you're right about actual current usage, encrypted email
>> is an
>> epic fail on that measure regardless of format/protocol.
>>
>> -David Mercer
>
> Yes, but it's about time we do something about that. Do we *exactly know
> why* it is such a failure?


It's an interesting question, and one worth studying for pedagogical 
motives.  From my experiences from both sides, it is clear that both 
sides failed.  But for different reasons.

S/MIME failed because it is an atrocious key management design. 
Everything about it is designed to rely on certs, and nobody wanted to 
buy certs, and when you bought them, they didn't work well enough.  It's 
a CA's perfect protocol because it places the cert at the apex of the 
mission, and a user's nightmare because certs fail too frequently in the 
aggregate to avoid the curse of K6 -- turn it off, dump it.  In 
practical import (from actual experience), if you had a group of say 12 
people with one year certificates, every month some person was failing 
to communicate because her cert had expired.... Do the math.

PGP failed because it never succeeded in conquering the GUI clients. 
That was in part because of what PHB calls the Betamax-VHS war.  The 
providers of the major clients were already in the certificate camp, so 
they locked out the PGP side.  It was beyond the resources of the PGP 
group to crack that barrier.

If you look at the other big comparison, SSL, it won its early battles 
against the alternatives in part because one company held the reins, 
Netscape.  They were able to force through their decisions.

But, there are other reasons.  If you look at the overall picture, there 
are many other difficulties.

For example, consider traffic analysis or metadata or mass surveillance 
-- neither side did anything about that.  In fact, they made it worse. 
Both sides did not encrypt the entire important data, the Subject: being 
the obvious thing that wasn't encrypted.  S/MIME clients made it far 
worse by insisting that the From: field had to match the certificate 
used;  which made it a *validated surveillance indicator* as opposed to 
just another input to the spam filter.

Then, look at the design of email.  Too many steps, too many processes, 
too many disjoint systems under too many different RFCs.  Difficult.

Then, webmail -- is it encrypted at the server (SSL?) or in the client 
(c.f. Hushmail).  How many other clients, how many gateways, etc.

Then, the assumptions of email.  Everyone can send an email, and the 
cost is zero.  Result: spam.

Hence, I've concluded that email is unsecurable.  Obviously Jon and PHB 
and Ladar think differently.  I applaud their efforts and hope they 
prove me wrong.  But the lessons of Skype and Facebook and Netscape are 
writ very large -- great security achievements come from 3 party 
networks, not 4 party networks.



iang


More information about the cryptography mailing list