I like your message
the terms I've been using -- for this same thing -- are
Public Key Encryption (PGP, GPG) provides more than just encryption:
it provides
- Authentication
- Integrity
- Security
Authentication allows the user to verify with good certainty that a
message is in fact from the person who claims to have sent it. i.e.
PGP/GPG can defeat attackers who are attempting to impersonate
friends, associates, businesses, &c. this addresses "targeted
phishing", man-in-the-middle, and similar attacks
Integrity allows the user to be reasonably certain that a message
has not been altered either by error or by intent during
transmission
Security (encryption) allows the user to be reasonably certain that
the content of a message has not been disclosed to un-authorized
parties during transmission
for interested parties this thread will step through the procedures
needed to implement Public Key Encryption using GPG2, ENIGMAIL, and
Thunderbird. similar processing can be established using
Symantec/PGP and MSFT/Outlook.
one should note here that no security is possible if the end-point
operating software has been compromised by un-authorized
programming.
one of the critical key points that has been brought out several
times in this discussion is -- that we need to select good terms --
and then stick to them. people will catch up and understand, --
given time. one of the errors that has been made in IT over the
years is to continuously try to find the perfect words to describe
things. we just need good words and then let people catch up and
learn what the implications are.
the debacle over fake filings of IRS forms 1040 is a perfect example
of how badly the entire communication industry needs to "get with
the program" here -- if I may avail myself of an old cliche.
keep up the good work! this is a vital topic.
On 09/19/2015 11:06 PM, Robert J. Hansen wrote:
(Forgive the HTML: this
is one of the few times where I think it’s worthwhile. This
email uses color to convey information.)
So, while relaxing with a good stogie, I started mulling over
the UX problem of communicating information about encryption
status, signatures, validity, and more. I got nowhere, which is
when I decided to burn it all down and start from a clean sheet
of paper.
Enigmail and GnuPG exist to provide the CIA triad. No, not the
intelligence agency — Confidentiality, Integrity, and
Assurance. Those are the three metrics we need to communicate
to the user. So let’s throw out all the language about
“untrusted good signature” and start over from scratch: let’s
communicate the triad.
First things first: rename it, because only hardcore nerds
understand what CIA means. (“What’s the difference between
integrity and assurance?” is a really common question in
undergraduate computer security courses. Even computer science
majors who have an interest in this stuff, as evidenced by
signing up to take a class in it, generally don’t understand
it.) I’m going to rename the triad the PAI triad: Privacy,
Authenticity, and Identity. Further, instead of giving
incredibly detailed “valid signature but the certificate has not
been validated” types of messages, let’s reduce it to binary
choices. People like binary choices: they’re easy to
understand.
- Privacy is
a binary state: yes the message was private (encrypted), or
no it was not.
- Authenticity
is also a binary state: we are confident the message is
authentic, or we are not.
- Identity
is also a binary state: we are confident it came from the
specified person, or we are not.
We can present this information to the user using just three
letters in different colors—green for yes, black for no.
Imagine, for instance, that we have an untrusted good signature
on an unencrypted message. We would then put at the top of the
email:
Privacy | Authenticity | Identity
Immediately, at a glance, the user can see that the message is
not private, is authentic, but we don’t know who it came from.
A good signature from a validated certificate, but no
encryption, would get marked up as—
Privacy | Authenticity | Identity
An encrypted message without a signature would get—
Privacy | Authenticity | Identity
An encrypted and signed message from an unknown certificate—
Privacy | Authenticity | Identity
And finally, an encrypted and signed message from a validated
certificate—
Privacy | Authenticity | Identity
Immediately, right at-a-glance, users get the information that’s
of most use to them: is this message private? Is it authentic?
Did it really come from the person I think it did? If the user
wants to know details about why a particular message was graded
in a particular way, they’d double-click on the header and get a
detailed breakdown of what factors went into each decision. For
instance, Enigmail might display a new window that contained
something like:
- Privacy.
This email was encrypted with your RSA key. Click here to
open this key in the Key Management window.
Camellia-256 was used for symmetric encryption.
- Authenticity.
This email was signed; however, the signature did not
check out. The message, the signature, or both, were
altered in transit. This is not necessarily a sign of
hostile action. Sometimes messages get garbled in the
process of transmitting from one system to the next.
- Identity.
This email claims to be from Robert J. Hansen <[email protected]>
with key ID 0xDEADBEEFDEADBEEF. However, we do not know
the signing key really belongs to this person. If
you’re certain the signing key belongs to this person, click here and
Enigmail will remember it for the future.
… Bam. A simple UX that everyone sees, which conveys the most
important information at-a-glance. If more detailed
information is needed, we present it in human-friendly
language and embed within the language links to help people do
common tasks related to keys.
Further, this UX is completely independent of the trust model used
by GnuPG. If you want to use the Web of Trust, no problem. If you
have --trust-model=always set, no problem. If you're using TOFU, no
problem.
What do y’all think?
_______________________________________________
enigmail-users mailing list
[email protected]
--
/Mike
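As an added illustration of the proposal in the quoted mail (not code from either poster or from Enigmail), this is one way the three binary decisions can be derived from GnuPG's own --status-fd output. The keyword names are GnuPG's (documented in its doc/DETAILS); the status samples are constructed, and ANSI green stands in for the proposed coloring.

```python
"""Map GnuPG's --status-fd output onto the Privacy / Authenticity / Identity
triad. Keywords used (DECRYPTION_OKAY, GOODSIG, BADSIG, ERRSIG, TRUST_*) are
the ones GnuPG documents in doc/DETAILS; every status sample fed to this code
is constructed, not captured from a real session."""
from dataclasses import dataclass

# Trust levels GnuPG reports for a key it considers validated for that user ID.
VALIDATED_TRUST = {"TRUST_FULLY", "TRUST_ULTIMATE"}
GREEN, RESET = "\x1b[32m", "\x1b[0m"


@dataclass(frozen=True)
class Triad:
    privacy: bool       # message was encrypted (and we could decrypt it)
    authenticity: bool  # a signature was present and verified
    identity: bool      # the verified signature comes from a validated key


def pai_from_status(status_text: str) -> Triad:
    """Reduce a stream of '[GNUPG:] KEYWORD ...' lines to three yes/no answers."""
    encrypted = good_sig = bad_sig = validated = False
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue  # plain stderr noise mixed into the stream
        keyword = parts[1]
        if keyword == "DECRYPTION_OKAY":
            encrypted = True
        elif keyword == "GOODSIG":
            good_sig = True
        elif keyword in ("BADSIG", "ERRSIG"):
            bad_sig = True  # ERRSIG: could not check, e.g. missing public key
        elif keyword in VALIDATED_TRUST:
            validated = True
    # One failed signature poisons the message: "authentic" means every
    # signature checked out, and identity never holds without authenticity.
    authentic = good_sig and not bad_sig
    return Triad(privacy=encrypted, authenticity=authentic,
                 identity=authentic and validated)


def render(triad: Triad) -> str:
    """Three letters: green for yes, plain (black) for no, as in the proposal."""
    letters = (("P", triad.privacy), ("A", triad.authenticity),
               ("I", triad.identity))
    return " ".join(f"{GREEN}{c}{RESET}" if yes else c for c, yes in letters)
```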