[Cryptography] Dark Mail Alliance specs?
Peter Fairbrother
zenadsl6186 at zen.co.uk
Wed Mar 26 19:05:03 EDT 2014
On 26/03/14 19:45, Bear wrote:
>
> I don't want to divert you from what may be an entirely useful course,
> but I'm firmly of the opinion that interoperability with present email
> infrastructure, or even the attempt at it, is fatal to privacy. In
> fact even the promise of such interoperability is a strong reason to
> NOT trust a new encrypted email application.
I agree, especially with the comments and vulnerabilities you make
below, and there are also issues with malware and spam detection.
However, I am of the firm opinion that if it isn't compatible with
ordinary email then it won't get widely adopted, full stop.
So the only option, as I see it, is to make it interoperable, but to
also close those holes - which may take some doing, especially the sync
issue.
The rest is bad, but doable - eg attachments and clickable links are
sent in a single chunk to the browser, which has no access to the
contents of any other emails.
The browser may be insecure - but the email client need not be. The idea
here is not to make the system securer, just to make email as secure as
needed.
Not all messages need a very high level of security - the functionality
of those that do need that level of security can be limited.
I'd like to repeat my first two objectives:
1) to eventually get a majority of all email sent end-to-end encrypted
to a minimum security standard, such that active measures are needed to
intercept and read it.
2) to be usable in a highly secure manner if and when that is required.
Now S/MIME fails to do the first, and PGP fails to do the second [1] --
mostly or solely simply because very few people implement and use them.
[1] except in very limited cases, but eg read about Snowden trying to
get the journalists to use PGP
--Peter Fairbrother
>
> By the time you have something that allows email to "sync" seamlessly
> across several devices, allows file attachments, allows clickable
> URLS to invoke browsers that can execute scripts, can show attached
> file contents to a browser so people can use a (script-executing!)
> browser to view it, links to external libraries to resolve MIME
> types, and uses plugins created for unencrypted systems, you have
> introduced at least a dozen gaping holes that some black-hat can and
> will drive a tank through.
>
> It does no good to encrypt messages in flight (or even on disk!) if the
> application that can read those messages sprays access to them around
> indiscriminately to whatever happens to be installed on the user's
> machine.
>
> Bear
>
>
>
More information about the cryptography
mailing list