Re: how email encryption should work (and how to get it used...)

[Amir Herzberg]

James A. Donald responded to me:



A missing element is motivation for getting something
like this deployed... I think spam could offer such
motivation; and, I strongly believe that a
cryptographic protocol to penalize spammers could be 
one of the most important tools against spam.


The cure for spam is not a provable link to a true name,
but a provable link to a domain name.
I disagree. I believe that _accountability_ is a key element in stopping 
spam, and that cryptographic protocols (such as SICS) offer the best 
mechanisms to ensure accountability of spam. A `provable link to domain 
name`, imho, is merely a specific method of accountability (in the 
domain level), which is useful, but not necessarily optimal, esp. 
considering the need to support mobile users and many domains, not all 
fully trustworthy.


The problem with adoption is that this is only
beneficial against spam if widely used.  We face the
usual critical mass problem.
Agreed here and indeed a focal point in this effort should definitely be 
providing value to early adopters. I  believe we can provide such early 
advantages better via spam-fighting mechanisms, such as secure protocol 
between multiple spam-aware mail agents (MTA-MTA, MTA-MUA)); so that's 
what we are developing in SICS. I believe these efforts are 
complementary to providing encryption services.


Best, Amir Herzberg

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: how email encryption should work (and how to get it used...)

[James A. Donald]

--
On 30 Mar 2005 at 13:00, Amir Herzberg wrote:
> A missing element is motivation for getting something
> like this deployed... I think spam could offer such
> motivation; and, I strongly believe that a
> cryptographic protocol to penalize spammers could be 
> one of the most important tools against spam.

The cure for spam is not a provable link to a true name,
but a provable link to a domain name.

The problem with adoption is that this is only
beneficial against spam if widely used.  We face the
usual critical mass problem.

The proposal on my blog (blog.jim.com) focusses on
encryption at the individual level - one key per email
address, not one key per domain name. which would solve
the spam problem, but is less immediately helpful than
one key per domain name. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 Fl8/gx81XkbuiLaqs0tMz+/ctcqWpf8QrHNii7fo
 41mnxh9Ph2K70irDlta/Y+pRlE0zVmBG5xdTi+LFm


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: how email encryption should work (and how to get it used...)

[James A. Donald]

--
On 30 Mar 2005 at 13:00, Amir Herzberg wrote:
> A missing element is motivation for getting something 
> like this deployed... I think spam could offer such 
> motivation;

Phishing is costing billions, and is a major obstacle to 
electronic commerce.   In my judgment, fixing phishing 
and facilitating electronic commerce is a good fit to 
the capabilities provided by cryptography.  (Of course a 
large part of spam is phishing and viruses)

> a cryptographic protocol to penalize spammers could be
> one of the most important tools against spam. I've
> presented such a simple crypto protocol (SICS) in
> SCN'04 [available off my site],

And your site is? 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 To5/mH1p3iCBlpaC6McgYo2aehoFMV42OcrSW6Ze
 4AmE3tC68Tiyw+VQHexWjeQmXnrDHI+41ty416j11



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: how email encryption should work (and how to get it used...)

[Amir Herzberg]

I think this is a good summary of how it should work, except, that I 
don't think messages should be signed by default, only authenticated 
(MAC). Users should be clearly aware of making a non-repudable statement.

Plus, it may be preferable to use something like matasignatures.org to 
ensure authenticated e-mail does not alarm recipient with non-compliant 
e-mail clients.

A missing element is motivation for getting something like this 
deployed... I think spam could offer such motivation; and, I strongly 
believe that a cryptographic protocol to penalize spammers could be one 
of the most important tools against spam. I've presented such a simple 
crypto protocol (SICS) in SCN'04 [available off my site], and now work 
on open-source implementation (with student Jonathan Levi) of an 
improved version (SICSv2...), to be published soon. [I can send draft to 
experts willing to provide feedback...]

Best, Amir Herzberg
James A. Donald wrote:
--
In my blog http://blog.jim.com/ I post "how email 
encryption should work"

I would appreciate some analysis of this proposal, which 
I think summarizes a great deal of discussion that I 
have read.

* The user should automagically get his certified 
key when he sets up the email account, without 
having to do anything extra. We should allow him the 
option of doing extra stuff, but the default should 
be do nothing, and the option to do something should 
be labelled with something intimidating like 
“Advanced custom cryptographic key management" so 
that 99% of users never touch it.

* In the default case, the mail client, if there are 
no keys present, logs in to a keyserver using a 
protocol analogous to SPEKE, using by default the 
same password as is used to download mail. That 
server then sends the key for that password and 
email address, and emails a certificate asserting 
that holder of that key can be reached at that email 
address. Each email address, not each user, has a 
unique key, which changes only when and if the user 
changes the password or email address. Unless the 
user wants to deal with “advanced custom options”, 
his “from” address must be the address that the 
client downloads mail from – as it normally is.

* The email client learns correspondent's public 
keys by receiving signed email. It assigns petnames 
on a per-key basis. A petname is also shorthand for 
entering a destination address (Well it is shorthand 
if the user modified it. The default petname is the 
actual address optionally followed by a count.)

* The email client presents two checkboxes, sign and 
encrypt, both of which default to whatever was last 
used for this email address. If several addresses 
are used, it defaults to the strongest that was used 
for any one of them. If the destination address has 
never been used before, then encrypt is checked if 
the keys are known, greyed out if they are unknown. 
Sign is checked by default.

* The signature is in the mail headers, not the 
body, and signs the body, the time sent, the 
sender's address, and the intended recipient's 
address. If the email is encrypted, the signature 
can only be checked by someone who possesses the 
decryption key.

* If the user is completely oblivious to encryption 
and completely ignores those aspects of the program, 
and those he communicates with do likewise, he sends 
his public key all over the place in the headers, 
signs everything he sends, and encrypts any messages 
that are a reply to someone using similar software, 
and neither he nor those he corresponds with notice 
anything different or have to do anything extra – 
other than that when he gets unsigned messages, or 
messages with an key different from the previously 
used key, a warning comes up – an unobtrusive and 
easily ignored warning if he has never received a 
signed message from that source, a considerably 
stronger warning if he has previously received 
signed mail from that source.

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 gOiN3HXQALAQHbKEOYdu/aZClRbPTEfjzyLpGAMx
 4dJddm3vIwGuBnfc933djUV6zT4DWvM26KobmzFyC

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
.
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]