* Phillip Hallam-Baker wrote:
> We need an email security infrastructure and recent events demonstrate that
> the infrastructure we develop needs to be proof against PRISM-class attacks.
> http://www.ietf.org/id/draft-hallambaker-prismproof-dep-00.txt

The document is a bit of a mixed bag, mixing analysis, requirements, proposals, and other things in a manner I find hard to follow.

To turn this a bit around, if I wanted to create a secure email system, the first thing I would probably think about is scope. You mention "PRISM". If "PRISM" is some sort of "FAA 702" program, and that law seems to be

  [The] Attorney General and the Director of National Intelligence may direct, in writing, an electronic communication service provider to (A) immediately provide the Government with all information, facilities, or assistance necessary to accomplish the acquisition in a manner that will protect the secrecy of the acquisition and produce a minimum of interference with the services that such electronic communication service provider is providing to the target of the acquisition; ...

one scenario I would think about is two people with tablet computers that run the Acme tablet operating system, and they are both using the Acme Web Mail system through the Acme browser, and they are connected to the Internet over Acme Fibre. Now the United States want to read their mails to determine whether they or their associates need to be brought freedom and democracy, and they tell Acme to make that happen using the law above. Is the system supposed to help the two exchange mails securely?

Another scenario is that the supposedly secure email system relies on personal private long-term cryptographic secrets, and then the system becomes popular. How long before helpful cloud backup and cross-device synchronisation systems compromise the keys? For that matter, how many will surrender the keys freely to their web mail system, for spam and virus checks, or a coupon? On Google's Android system you can get some cloud backup service, but only if you let Google have all "your" Wi-Fi passwords (which often aren't yours to share with Google).

I also wonder whether active MITM attacks, where the bits on the wire are changed, are really much of a concern for such a system, compared perhaps to mass-scale passive eavesdropping; how important is being able to find out whether your conversations are being monitored?

Another point is compatibility with the deployed email infrastructure. It seems rather trivial these days to establish new communication systems to hundreds of millions of users; it's been done quite a number of times in recent years. It seems that disregarding the deployed protocol might make many desirable features available that are difficult to fit in with the existing system, like encrypting subject headers and local parts of addresses. Similarly, some features might be easy to let go of; asynchronous offline delivery, for instance, is less interesting in an always-on world.

That is what comes to mind thinking about securing the email system, and it is a bit of a long way from there to issues around web browsers generating cryptographic certificates or the merits of S/MIME.

-- 
Björn Höhrmann · mailto:[email protected] · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
