[Cryptography] Microsoft announces new email encryption misfeature?

John Gilmore gnu at toad.com
Tue Nov 26 23:03:19 EST 2013


http://blogs.office.com/b/office365tech/archive/2013/11/21/introducing-office-365-message-encryption-send-encrypted-emails-to-anyone.aspx

  We're pleased to announce the upcoming release of Office 365 Message
  Encryption, a new service that lets you send encrypted emails to
  people outside your company. No matter what the destination --
  Outlook.com, Yahoo, Gmail, Exchange Server, Lotus Notes, GroupWise,
  Squirrel Mail, you name it -- you can send sensitive business
  communications with an additional level of protection against
  unauthorized access.

http://windowsitpro.com/blog/office-365-message-encryption-protect-your-email-against-spooks

  "Messages are 2048-bit encrypted using SHA-256 with the private key
  of the Office 365 tenant domain. Recipients have no knowledge of
  this key, so when they receive the message, they'll see that it
  contains an encrypted attachment together with some instructions as
  to how to view the content.  ...

  Clicking on the attachment opens a new browser window connected to a
  page on the Office 365 Message Encryption portal (a company can
  customize this page with its logo and some directive text to tell
  end users what to do). The user then has to authenticate themselves
  using a Windows Live or Office 365 ID before content can be
  decrypted and presented in an Outlook Web App-like interface.  ...

  It's also important to realize that this implementation is strictly
  browser-based for now in terms of accessing encrypted message
  content and that there is no offline client support. In other words,
  Office 365 Message Encryption likes to seek reassurance from the
  mother ship when [you try to read] encrypted messages.

In this message I'm reverse engineering this offering from the clues
in the announcement, so take this with a boulder of salt.  Maybe
somebody here knows the actual design?

The encryption is done in the Microsoft Exchange server, not in the
client.  A nice centralized insecure place.  No changes to the
sender's user interface; a sysadmin writes rules for which outgoing
emails will get encrypted.  Users can't tell which of their emails
will end up encrypted at the other end (i.e. which emails will come
through garbled and unreadable offline).

It ends up sending a very spam-like message to the recipients,
containing an attachment and a demand that they "open the attachment",
"follow the instructions", and "sign in using the following email
address" (theoretically your own).  I don't know any security
professionals who recommend following such directions in a received
email.

Apparently despite the "no matter what the destination"
marketing-speak in the announcement, it only works for recipients who
are on Microsoft Hotmail or who use MS-Office Exchange (otherwise you
don't HAVE a password that can authenticate you to a Microsoft "secure
e-mail portal").

It claims that "when the receiver replies to the sender, or forwards
the message, those emails are also encrypted".  This is a bizarre
claim that seems to indicate that the recipient can only reply or
forward this email via the Microsoft website rather than via their own
mail reader.  Sounds highly confusing to ordinary folks, who expect to
use their chosen email interface to forward or reply to their emails.
The illustration looks like it also dumps a Microsoft Word editing box
into your browser, just so you can send your Microsoft-proprietary
encrypted reply in a Microsoft-proprietary word processor format?

It doesn't seem to interoperate with *any* other encrypted email
systems.  The idea is apparently that your email client invokes a web
browser to access a web site to retrieve the email.  Either that, or
your web browser locally runs JavaScript from the attachment, which is
even more dangerous since it might well be a fake email.

A doctor I use tried sending me encrypted emails with a scheme similar
to this, a few years ago.  I could never read them -- but I don't
"open" attachments nor type my passwords into random remote websites.

Looks like an epic fail to me, but people who pay Microsoft for
operating systems may be dumb enough to use it.  Anybody know more?

	John

