On 21 Mar 2014, at 15:53, Nicholas Weaver wrote:
>
> On Mar 21, 2014, at 8:10 AM, Robin Wilton <[email protected]> wrote:
>
>>
>> On 21 Mar 2014, at 13:00, Nicholas Weaver wrote:
>>
>>>
>>> On Mar 21, 2014, at 4:40 AM, Robin Wilton <[email protected]> wrote:
>>>
>>>> To pick the obvious nit...
>>>>
>>>> Even if an email goes from my browser to Google's servers over https, and
>>>> goes between Google's servers over https, I did not see a commitment to
>>>> encryption of the email when it is at rest, rather than in motion...
>>>
>>> To reply with the obvious: It is IMPOSSIBLE to secure data at rest in the
>>> context of a webmail system: server control can always enable accessing of
>>> all documents when the user logs in to check their webmail.
>>
>> I'd dispute your use of the word "impossible". It might be tricky to design
>> something easy to use, and it would raise the usual end-to-end encryption
>> problems of key exchange and key management, but there's nothing inherent in
>> webmail as a transfer mechanism that means it can't transfer encrypted
>> content. For instance: last time I used the PGP tools, they offered the
>> ability to encrypt whatever's in the clipboard. There's nothing to stop me
>> pasting the result into a webmail and inviting my correspondent to reverse
>> the process.
>> Sending an encrypted file as an attachment to a webmail would also work.
>
> That is NOT encrypting in webmail. That is using webmail to transport
> encrypted content.

I was just exploiting the loophole you left me when you phrased it,
originally, as securing "data at rest in the context of a webmail system",
rather than "encrypting in webmail", as you phrase it now.

>
> Why you can NEVER do meaningful encryption to protect data at rest from the
> server in actual Webmail is that the "client" software is dynamically
> provided by the server you are trying to protect the data from!
>
> This is the "hushmail" and "lavabit" problem. Neither service is actually
> able to protect the data at rest from a warrant, because the data can always
> be accessed when the user logs in. Hushmail chooses to snitch content to law
> enforcement, lavabit shut down.
>
> You can only do "at-rest" protection on the mail server with a client program.
>
> --
> Nicholas Weaver                  it is a tale, told by an idiot,
> [email protected]                full of sound and fury,
> 510-666-2903                                 .signifying nothing
> PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
>
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
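
Added example, not part of the thread and not written by either participant: a small Python model of the argument quoted above that webmail "client" code is supplied by the server at each login. The bundle contents, serve_login and the pin are constructed assumptions; the model shows that a check delivered with the page always agrees with whatever was served, while a separately installed client holding its own pin notices a change.

```python
import hashlib

# Constructed stand-ins for the JavaScript a webmail server sends at login.
AUDITED_BUNDLE = b"/* webmail client: decrypts mail locally in the browser */"
CHANGED_BUNDLE = b"/* webmail client: same UI, different behaviour */"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Pin recorded out of band (assumption: at install time of a client program).
PINNED_HASH = sha256_hex(AUDITED_BUNDLE)


def serve_login(user, changed_for):
    """Hypothetical server: chooses the code AND the hash it advertises."""
    bundle = CHANGED_BUNDLE if user in changed_for else AUDITED_BUNDLE
    return {"bundle": bundle, "advertised_hash": sha256_hex(bundle)}


def in_page_self_check(response):
    """Integrity check built only from data in the same server response."""
    return sha256_hex(response["bundle"]) == response["advertised_hash"]


def installed_client_check(response, pinned=PINNED_HASH):
    """Integrity check by software the server did not deliver this session."""
    return sha256_hex(response["bundle"]) == pinned


def audit(users, changed_for):
    """Return (user, self_check_ok, pinned_check_ok) for each login."""
    rows = []
    for user in users:
        response = serve_login(user, changed_for)
        rows.append((user,
                     in_page_self_check(response),
                     installed_client_check(response)))
    return rows


if __name__ == "__main__":
    # Constructed scenario: the server changes the code for one account only.
    for user, self_ok, pin_ok in audit(["alice", "bob"], {"bob"}):
        print(f"{user}: self-check={self_ok} pinned-check={pin_ok}")
```
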
