[Cryptography] Other obvious issues being ignored?
John Denker
jsd at av8n.com
Tue Oct 20 19:43:57 EDT 2015
On Oct 20, 2015, at 12:16 PM, I wrote:

>> PGP doesn't even try to encrypt the Date: and Subject: lines ...
>> for no good reason.

On 10/20/2015 03:04 PM, Ron Garret replied:

> I disagree that there is no good reason. If you’re trying to go back
> through your records to find a particular piece of correspondence,
> having unencrypted Subject lines can come in awfully handy.

Irrelevant. See below.

> Search is an essential part of today’s workflows, but

Irrelevant twice more.

When I am searching email, I very often want to do a full-text
search. So I need to decrypt the entire message anyway. As
the intended recipient, I can do that. Also if I want to
selectively decrypt some of the headers, I can do that.

The fact that I need to decrypt it in order to read and/or search
is irrelevant to the point I was making earlier, namely that there
is no good reason for it to be sent in the clear over the wire ...
especially when the wire belongs to a wholly-pwned subsidiary of
They-Who-Must-Not-Be-Named.

Furthermore, as I have previously discussed in this forum, there
are reasons why some of the metadata should be encrypted with
separate keys, and made available on a need-to-know basis. For
example, a forwarder needs to know the next hop, and perhaps
some evidence of authorization, but nothing else.

I still say: Metadata is data. A cryptosystem that leaks metadata
is a cryptosystem that leaks. A lot of stuff is currently sent
in the clear for no good reason.

> AFAICT searching encrypted contents securely is an unsolved problem.

Secure search is not particularly harder than secure reading.

I copy the ciphertext onto a physically-secure machine. If necessary
I post a couple of armed guards outside the door and lock the door.
Then I decrypt the messages, search them, read them, et cetera.

The hard part is zeroizing the machine afterward. (See previous
message.) I zeroize it as best I can, and then lock the whole
machine in a tamper-resistant safe for good measure.

That doesn't entirely solve the problem, but it moves it a good
ways down on the list, to the point where I've got more important
things to worry about.
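
Added example, not part of the original message: a short Python audit of what a passive observer on the wire can read from a PGP/MIME (RFC 3156) message without holding any key. The sample message, its addresses, subject and armored payload are constructed for illustration, and `observer_view` is a hypothetical helper name.

```python
from email import message_from_bytes
from email.header import decode_header, make_header

# Constructed sample: a PGP/MIME message as it travels between mail servers.
RAW = b"""\
From: alice@example.org
To: bob@example.net
Date: Tue, 20 Oct 2015 12:16:00 -0400
Subject: =?utf-8?q?Q3_layoffs=3A_draft_list?=
Message-ID: <constructed-1@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----

--b1--
"""

def observer_view(raw: bytes) -> dict:
    """Return what can be learned from the wire copy without any key."""
    msg = message_from_bytes(raw)
    pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                and msg.get_param("protocol") == "application/pgp-encrypted")
    # RFC 2047 "encoded words" are a transport encoding, not encryption,
    # so the observer simply decodes them.
    headers = {name: str(make_header(decode_header(value)))
               for name, value in msg.items()}
    # Only the second MIME part is opaque; its size is still visible.
    opaque_chars = len(msg.get_payload()[1].get_payload()) if pgp_mime else 0
    return {"pgp_mime": pgp_mime, "cleartext_headers": headers,
            "opaque_chars": opaque_chars}

if __name__ == "__main__":
    view = observer_view(RAW)
    for name in ("From", "To", "Date", "Subject", "Message-ID"):
        print(f"{name}: {view['cleartext_headers'][name]}")
    print("body encrypted:", view["pgp_mime"], "size:", view["opaque_chars"])
```
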