Re: Why the poor uptake of encrypted email?

2008-12-19 Thread Nicolas Williams
On Thu, Dec 18, 2008 at 01:06:37PM +1000, James A. Donald wrote:
 Peter Gutmann wrote:
  ... to a statistically irrelevant bunch of geeks.
  Watch Skype deploy a not- terribly-anonymous (to the
  people running the Skype servers) communications
  system.
 
 Actually that is pretty anonymous.  Although I am sure
 that Skype would play ball with any bunch of goons that
 put forward a plausible justification, or threated to
 rip their fingernails off, most government agencies find
 it difficult to deal with anyone that they cannot
 casually have thrown in jail - dealing with equals is
 not part of their mindset.  So if your threat model does
 not include the FBI and the CIA, chances are that  the
 people who are threatening you will lack the
 organization and mindset to get Skype's cooperation.

That's also true for e-mail where the only encryption is in the
transport.  Except that you tend to store your e-mails and not your
phone calls, of course.  But you could always encrypt your filesystem
and not your e-mail itself, and that way avoid all the portability
issues that Alec brought up.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Why the poor uptake of encrypted email?

2008-12-18 Thread James A. Donald

Nicolas Williams wrote:
 Providing a suitable e-mail security solution for the
 masses strikes me as more important than providing
 anonymity to the few people who want or need it.  Not
 that you can't have both, unless you want everyone to
 use PGP or S/MIME as a way to hide anonymized traffic
 from non-anonymized traffic.

If email goes away - as I hope and expect it will - we
will need a new store and forward solution to support
anonymity.

A store and forward system is a system without end to
end real time round trips.  Obviously end to end real
time round trips prevent anonymity.

A system built on top of a best effort unreliable
messaging system requires some round tripping, which
does not make anonymity impossible, but does make it
tricky.  Email's architecture is very nice for
supporting anonymity.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Why the poor uptake of encrypted email?

2008-12-18 Thread James A. Donald

Peter Gutmann wrote:
 ... to a statistically irrelevant bunch of geeks.
 Watch Skype deploy a not- terribly-anonymous (to the
 people running the Skype servers) communications
 system.

Actually that is pretty anonymous.  Although I am sure
that Skype would play ball with any bunch of goons that
put forward a plausible justification, or threated to
rip their fingernails off, most government agencies find
it difficult to deal with anyone that they cannot
casually have thrown in jail - dealing with equals is
not part of their mindset.  So if your threat model does
not include the FBI and the CIA, chances are that  the
people who are threatening you will lack the
organization and mindset to get Skype's cooperation.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Why the poor uptake of encrypted email?

2008-12-17 Thread Peter Gutmann
StealthMonger stealthmon...@nym.mixmin.net writes:

Connection-based communication such as Skype and OTR do not provide this
capability.  The hop by hop store-and-forward email network does. This is not
busted or wrong.  It's essential.

... to a statistically irrelevant bunch of geeks.  Watch Skype deploy a not-
terribly-anonymous (to the people running the Skype servers) communications
system.  Watch the entire world not care, and flock to it in droves.  Heck,
the entire business model for social networking, one of the biggest Internet
phenomena in the last few years, is built around users being as non-anonymous
as possible.

So Alec's argument still stands.  It's pretty hard selling anonymity and
privacy to people who think nothing of sending Twitter updates of everything
they do all day long to anyone prepared to listen and posting videos of their
drunken antics to MyFace.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Why the poor uptake of encrypted email?

2008-12-17 Thread Nicolas Williams
On Tue, Dec 16, 2008 at 03:06:04AM +, StealthMonger wrote:
 Alec Muffett alec.muff...@sun.com writes:
  In the world of e-mail the problem is that the end-user inherits a
  blob of data which was encrypted in order to defend the message as it
  passes hop by hop over the store-and-forward SMTP-relay (or UUCP?) e-
  mail network...  but the user is left to deal with the effects of
  solving the *transport* security problem.
 
  The model is old.  It is busted.  It is (today) wrong.
 
 But the capabilities of encrypted email go beyond mere confidentiality
 and authentication.  They include also strongly untraceable anonymity
 and pseudonymity.  This is accomplished by using chains of anonymizing
 remailers, each having a large random latency for mixing with other
 traffic.

The subject is [w]hy the poor uptake of encrypted email?.

Alec's answer shows that encrypted email when at rest is not easy to
use.

Providing a suitable e-mail security solution for the masses strikes me
as more important than providing anonymity to the few people who want or
need it.  Not that you can't have both, unless you want everyone to use
PGP or S/MIME as a way to hide anonymized traffic from non-anonymized
traffic.

Nico
-- 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Why the poor uptake of encrypted email?

2008-12-16 Thread StealthMonger
Alec Muffett alec.muff...@sun.com writes:

 In the world of e-mail the problem is that the end-user inherits a
 blob of data which was encrypted in order to defend the message as it
 passes hop by hop over the store-and-forward SMTP-relay (or UUCP?) e-
 mail network...  but the user is left to deal with the effects of
 solving the *transport* security problem.

 The model is old.  It is busted.  It is (today) wrong.

But the capabilities of encrypted email go beyond mere confidentiality
and authentication.  They include also strongly untraceable anonymity
and pseudonymity.  This is accomplished by using chains of anonymizing
remailers, each having a large random latency for mixing with other
traffic.

Connection-based communication such as Skype and OTR do not provide
this capability.  The hop by hop store-and-forward email network does.
This is not busted or wrong.  It's essential.


   stealthmail: Scripts to hide whether you're doing email, or when,
   or with whom.  mailto:stealthsu...@nym.mixmin.net


 -- StealthMonger
 stealthmon...@nym.mixmin.net
 stealthmon...@nym.panta-rhei.eu.org

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Why the poor uptake of encrypted email? [Was: Re: Secrets and cell phones.]

2008-12-11 Thread James A. Donald

--
  We discovered, however, that most people do not want
  to manage their own secrets 

StealthMonger wrote:
 This may help to explain the poor uptake of encrypted
 email.

There is very good uptake of skype and ssh, because
those impose no or very little additional cost on the
end user. Secret management is almost furtively sneaked
in on the back of other tasks.

 It would be useful to know exactly what has been
 discovered.  Can you provide references?

It is informal knowledge.

A field has references when it is a science, or
attempting to become a science, or pretending to become
a science.  Security is not yet even an art.

Cryptography is an art that dubiously pretends to
science, but the weak point of course is interaction of
humans with the cryptography, in which area we have not
even the pretense of art.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Why the poor uptake of encrypted email? [Was: Re: Secrets and cell phones.]

2008-12-09 Thread Dirk-Willem van Gulik


On 8 Dec 2008, at 22:43, David G. Koontz wrote:


JOHN GALT wrote:

StealthMonger wrote:

This may help to explain the poor uptake of encrypted email.  It  
would

be useful to know exactly what has been discovered.  Can you provide
references?


The iconic Paper explaining this is Why Johnny Can't Encrypt  
available

here:  http://portal.acm.org/citation.cfm?id=1251435



Available from the Authors:

http://gaudior.net/alma/johnny.pdf



A later follow up (s/mime; more focus on the KDC):

http://www.simson.net/clips/academic/2005.SOUPS.johnny2.pdf

is IMHO more interesting - as it explores a more realistic hostile  
scenario, seems to pinpoint the core security issue better; and goes  
to some length to evaluate remedial steps. And it does show that a  
large swath of issues in PGP are indeed solvable/solved (now)


Thanks,

Dw

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Why the poor uptake of encrypted email?

2008-12-09 Thread Alec Muffett

On 8 Dec 2008, at 21:13, JOHN GALT wrote:

The iconic Paper explaining this is Why Johnny Can't Encrypt  
available here:  http://portal.acm.org/citation.cfm?id=1251435




Orlbaq gur Jul Wbuaal cncre - sbphfvat hcba hfnovyvgl - V guvax  
gurer vf n uvture ceboyrz bs vagrebcrenovyvgl naq vasbezngvba-npprff  
ng cynl urer.


Gurer pna or ab npprff gb lbhe znvy jvgubhg hfr bs n pyvrag vs lbh ner  
hfvat pelcgbtencul - rira EBG13 - naq guvf nybar vf n ovt ceboyrz,  
orpnhfr zrqvngrq npprff gb lbhe r-znvy vf *ernyyl* cnvashy.


Sbe fbzr 15 lrnef V hfrq zu/azu/rkzu (ynggreyl jvgu srgpuznvy), gura  
zbirq gb Znvy.ncc, erpragyl gevrq Guhaqreoveq sbe n srj zbaguf, naq nz  
er-pbafvqrevat azu sbe ybat-grez nepuvivat bs r-znvy. V nyfb hfr zl  
vCbq, guerr yncgbcf jvgu inelvat fcrpvrf bs Havk, naq n 3T cubar gb  
npprff r-znvy. Bppnfvbanyyl V fgvyy pbcl fghss bhg bs /ine/znvy/.


V jbhyq unir fhssrerq vzzrafryl jrer V erdhverq gb hfr n cnegvphyne  
pelcgb-ranoyrq pyvrag gb qrny jvgu zl r-znvy ng rnpu fgntr, be jrer V  
erdhverq gb hfr uvfgbevpny pelcgb-pyvragf gb npprff byqre znvyf.


Nalbar jubfr pbyyrtr gurfvf vf va JbeqCresrpg ba n 5.25 sybccl ng gur  
onpx bs n pybfrg fbzrjurer, fubhyq haqrefgnaq guvf ceboyrz.


Gb guvf qnl Cebwrpg Thgraoret hfrf syng NFPVV nf n ybjrfg pbzzba  
qrabzvangbe sbezng, naq fvzvyneyl V arrq zl r-znvy va gur fvzcyrfg  
sbez fb gung V pna terc vg, crey vg, dhbgr vg naq frnepu vg.


Fb jul unf rapelcgrq r-znvy snvyrq? V fhfcrpg gung fgngvp qngn  
rapelcgvba eribygf ntnvafg gur angher bs crefbany pbzzhavpngvba naq  
gur arrqf bs crefbany vasbezngvba er-hfr.


Sbe pbzcnevfba, pbafvqre gur pbairetrapr bs vafgnag zrffntvat naq r- 
znvy - gurl ner orpbzvat rire zber nyvxr, ohg gur sbezre zbfgyl eryvrf  
hcba raq gb raq genafcbeg frphevgl, bsgra nffhzvat gung gur cevinpl bs  
ybtf ng rvgure raq ner ng gur juvz bs *gung* hfre.


Sbe fbzr ernfba guvf jbexf engure jryy; nf frphevgl trrxf jr pbzcynva  
nobhg vg, ohg gurer unir orra znal gvzrf jura Fxlcr unf onvyrq zr bhg  
bs gebhoyr jvgu vgf novyvgl gb qevyy guebhtu nyzbfg nalguvat naq  
cebivqr zr jvgu zrffntvat naq svyr-genafsre.


Fvzvyneyl NVZ, Wnoore, TPung - nyy bs juvpu V unccvyl eha jvgu BGE -  
tvir zr arprffnel zbfgyl-frpher pbzzhavpngvba.


Va gur jbeyq bs r-znvy gur ceboyrz vf gung gur raq-hfre vaurevgf n  
oybo bs qngn juvpu jnf rapelcgrq va beqre gb qrsraq gur zrffntr nf vg  
cnffrf ubc ol ubc bire gur fgber-naq-sbejneq FZGC-erynl (be HHPC?) r- 
znvy argjbex... ohg gur hfre vf yrsg gb qrny jvgu gur rssrpgf bs  
fbyivat gur *genafcbeg* frphevgl ceboyrz.


Gur zbqry vf byq. Vg vf ohfgrq. Vg vf (gbqnl) jebat.

Vg'f yvxr beqrevat ybofgre ovfdhr, naq univat n yvir ybofgre ghea hc  
ng lbhe gnoyr; jung lbh jnag vf va gurer - urnivyl nezberq - naq lrf  
lbh pna eraqre jung lbh erprvir vagb jung lbh npghnyyl qrfver; OHG  
vg'f zrffl naq lbh'er ernyyl fghpx hayrff lbh unir n zbhyv, n fnhprcna  
naq n fznyy CTC ubgcyngr ng unaq.


Naq bs pbhefr lbh unir gb nepuvir pbcvrf bs gur ybofgre, abg gur fbhc.

F/ZVZR naq vgf oergurera rkvfg gb fvzhygnarbhfyl nqqerff gur frphevgl  
bs qngn va zbgvba naq qngn ng erfg - ohg crbcyr qba'g jnag gur ynggre  
va gur sbez gung vg cebivqrf, orpnhfr vg vauvovgf vagrebcrenovyvgl naq  
hfnovyvgl ng n yriry nobir gur guvf fbsgjner fhpxf znggre...


Naq vs gur qngn va zbgvba raq gb raq frphevgl vffhr vf orvat  
nqqerffrq ol guvatf yvxr VZ/BGE naq Fxlcr, gura creuncf frpher r- 
znvy jvyy fbba tb gur jnl bs Gryarg naq SGC?


- nyrp

ps: if you are stuck, try www.rot13.com


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Why the poor uptake of encrypted email?

2008-12-09 Thread ji

Alec Muffett wrote:



Naq bs pbhefr lbh unir gb nepuvir pbcvrf bs gur ybofgre, abg gur fbhc.


If we still had finger-plans, this would have made its way into mine. 
What a great quote!


/ji

PS: For the rot13-impaired, it reads And of course you have to archive 
copies of the lobster, not the soup.


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Why the poor uptake of encrypted email? [Was: Re: Secrets and cell phones.]

2008-12-08 Thread JOHN GALT
StealthMonger wrote:

 This may help to explain the poor uptake of encrypted email.  It would
 be useful to know exactly what has been discovered.  Can you provide
 references?

The iconic Paper explaining this is Why Johnny Can't Encrypt available
here:  http://portal.acm.org/citation.cfm?id=1251435

JOHN ;)
Timestamp: Monday 08 Dec 2008, 16:13  --500 (Eastern Standard Time)
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Why the poor uptake of encrypted email? [Was: Re: Secrets and cell phones.]

2008-12-08 Thread David G. Koontz
JOHN GALT wrote:
 StealthMonger wrote:
 
 This may help to explain the poor uptake of encrypted email.  It would
 be useful to know exactly what has been discovered.  Can you provide
 references?
 
 The iconic Paper explaining this is Why Johnny Can't Encrypt available
 here:  http://portal.acm.org/citation.cfm?id=1251435
 

Available from the Authors:

http://gaudior.net/alma/johnny.pdf
http://www.cs.berkeley.edu/~tygar/papers/Why_Johnny_Cant_Encrypt/OReilly.pdf

(For those of us not ACM members and not having Library or affliate access).

There's also a power point presentation on the cognitive dissonance involved:

http://www.nku.edu/~waldenj1/classes/2006/spring/csc593/presentations/Johnny.ppt

And something done at Carnegie Mellon:

http://cups.cs.cmu.edu/courses/ups-sp06/notes/060202LectureNotes.doc

http://cups.cs.cmu.edu/courses/ups-sp06/slides/060202-user-tests2.ppt


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]