[Cryptography] What does it take to make electronic communication usable and secure?

[Ralf Senderek]

There is a common misconception that we have to dump in order to make 
progress.
It's the idea of "transparent security" in relation to using the internet.

Some people think, that in order to provide secure email to ordinary
users in a way that they will actually use it, all change has to go
into the infrastructure not into the endpoint facing (and including) the 
user.
People should do essentially the same thing they do today, but also be 
secure
because an improved network in future (PKI that works, bullet-proof 
protocols
that have been fixed, servers that provide encryption, etc) will take care
of the security they need. Users don't play any role in providing this
security, it is transparent to them, if it happens, it happens because
experts have ensured it's there and works.

In this view, the user's contribution to security, and also their 
responsibility,
is close to zero. I'm quite sure this is *not* the way secure and usable
email will become a reality.

With zero involvement in the security of his email the user has zero
reliability too. The obvious conclusion is, that "using the secure
system" cannot be "as easy as using the insecure one".

If we can determine what the user's indispensable role is, what the
technical solution can expect the ordinary user to do before he might
be deterred from using it, because of its complexity, we can also 
determine
what a secure and usable email system will look like.

I may be wrong, but these are the basic requirements in my opinion:

Prologue: Secure means authenticated and confidential message exchange.
 	  The two persons that exchange messages using the system must
 	  be reasonably sure that each message they receive was created by
 	  their correspondent and will be visible only on both screens
 	  connected to these people's endpoint devices and not anywhere
 	  else.
 	  This does not (necessarily) include secure storage of the
 	  information received nor the invisibility of their exchange.

Every user of a secure and usable email system must have the ability to

1) accept or dismiss the secure exchange of messages, deliberately.
2) actively enable a secure exchange with a particular correspondent.
3) prove that all the messages leave his endpoint device properly 
encrypted.

These are three abilities to control the system that the user must have
to develop trust in its reliability.

If a user cannot control (1), the system would continue to "secure"
the communication under circumstances where a compromise of a system has
become obvious. A user must be able to stop the exchange with selected
correspondents that have become unreliable, malicious or "hacked",
he must be able to pull the plug.

If a user cannot control (2), he cannot guarantee that only his own
decision makes the secure exchange possible. Without this control, the
message exchange may be readable by a number of other third parties in
addition to the intended recipient. The initiation of the secure exchange
must rely exclusively on what the user does at the beginning of an 
exchange.
Once initiated, the system can change encryption keys as needed, but
the system cannot take the initiation out of the user's hand.

If the user cannot control (3), nothing can convince him that the intended
protection actually happens on his endpoint device using authorized
initiations by components that can be audited to do what they should do
and nothing else. Without this control, which includes physical control
of the device(s) a user needs to understandably produce the intended 
protection,
secret information can easily be leaked to network devices outside his 
control.

It is my firm believe that we cannot design a usable and secure system if 
we
do not provide support for these three controls in a way that is as 
unobtrusive
to the user as possible.

Now, what does a usable and secure system look like in technical terms, 
precisely?

     --ralf