Re: it's not the crypto
At 8:58 AM -0500 2/5/2001, Steve Bellovin wrote:

> Every now and then, something pops up that reinforces the point that crypto can't solve all of our security and privacy problems. Today's installment can be found at http://www.privacyfoundation.org/advisories/advemailwiretap.html
>
> For almost all of us, the end systems are the weak points, not the transmission!

While I certainly agree with your general point, I don't think this case is a good exemplar.

"The exploit requires the person reading a wiretapped email message to be using an HTML-enabled email reader that also has JavaScript turned on by default."

The notion that e-mail should be permitted to contain arbitrary programs that are executed automatically by default on being opened is so over the top from a security standpoint that it is hard to find language strong enough to condemn it. It goes far beyond the ordinary risks of end systems. The closest analogy I can think of is the early days of the 20th century when some doctors began prescribing radium suppositories for a variety of ills.

Arnold Reinhold
Re: it's not the crypto
> The notion that e-mail should be permitted to contain arbitrary programs that are executed automatically by default on being opened is so over the top from a security standpoint that it is hard to find language strong enough to condemn it. It goes far beyond the ordinary risks of end systems.

And, yet, digital rights folk argue that the only way data can be self protecting (the pre-requisite for data being out and about on its own), is to wrap said data in a program which the recipient must execute. All the music royalty or email self-destruction stuffs basically take this position. If auto-update of software really does take hold, whether by contract (UCITA) or by choice (whopping convenient, that), receiving an executable with long-lived aftereffect will be part of every ordinary person's day.

Not denying your point at all -- merely trying to look well down range. I'm a send-by-reference-not-by-value sort of guy, but as I see the world, e-mail attachments are doubtless now the poor man's distributed filesystem, and the momentum is with ever increasing amounts of executables being transmitted.

Consider, for an example actually rather related to this Javascript e-mail issue, the case of Zaplets (http://www.zaplet.com) which has $100M+ saying that this is the future, or the stored procedures in many specialized Oracle applications that take the form of Java applets you download silently to execute on your end.

Contemplating retirement off the grid,

--dan
Re: it's not the crypto
Well, there's quite a distance between executing something that is signed by a public entity during a transaction that I initiate, and having code silently execute because something was pushed to me unsolicited.

btw, the suggested workaround in the privacy advisory does not appear to work - at least on my Outlook, turning off Javascript for the Internet zone turns it off for IE too, which (alas!) is too restrictive to be practical. I have all the MS security updates, according to their Office-Update site.

Barney Wolff

On Tue, Feb 06, 2001 at 04:58:39PM -0500, Dan Geer wrote:

> > The notion that e-mail should be permitted to contain arbitrary programs that are executed automatically by default on being opened is so over the top from a security standpoint that it is hard to find language strong enough to condemn it. It goes far beyond the ordinary risks of end systems.
>
> And, yet, digital rights folk argue that the only way data can be self protecting (the pre-requisite for data being out and about on its own), is to wrap said data in a program which the recipient must execute. All the music royalty or email self-destruction stuffs basically take this position. If auto-update of software really does take hold, whether by contract (UCITA) or by choice (whopping convenient, that), receiving an executable with long-lived aftereffect will be part of every ordinary person's day.
>
> Not denying your point at all -- merely trying to look well down range. I'm a send-by-reference-not-by-value sort of guy, but as I see the world, e-mail attachments are doubtless now the poor man's distributed filesystem, and the momentum is with ever increasing amounts of executables being transmitted.
>
> Consider, for an example actually rather related to this Javascript e-mail issue, the case of Zaplets (http://www.zaplet.com) which has $100M+ saying that this is the future, or the stored procedures in many specialized Oracle applications that take the form of Java applets you download silently to execute on your end.
>
> Contemplating retirement off the grid,
>
> --dan