Re: What email encryption is actually in use?
at Monday, November 04, 2002 2:28 AM, Tim May [EMAIL PROTECTED] was seen to say: Those who need to know, know. Which of course is a viable model, provided you are only using your key for private email to those who need to know if you are using it for signatures posted to a mailing list though, it just looks silly. You, I've never seen before. Even if you found my key at the Liberal Institution of Technology, what would it mean? it would at least give us a chance to check the integrity of your post (what a sig is for after all) and anyone faking your key on the servers would have to prevent you ever seeing one of your own posts (so that you can't check the signature yourself) Parts of the PGP model are ideologically brain-dead. I attribute this to left-wing peacenik politics of some of the early folks. The Web-of-Trust model is mildly broken - all you can really say about it is that it is better than the alternatives (X509 is not only badly broken, but badly broken for the purpose of hierachical control and/or profit) In the current case, one reason to sign important posts is to establish a pattern of ownership for posts, independent of real-world identity. If I know that posts a,b c sent from nym x are all signed, I will be reasonably confident that key y is owned by the normal poster of nym x. that I don't know who that is in meatspace is pretty irrelevant. Where both systems break down is when trying to assert that key y is tied to anything but an email address (or possibly a static IP). There is little to bind a key to anything or anyone in the real world, unless you meet in person, know each other reasonably well (if only via third parties that can identify you both) and exchange fingerprints. in fact, WoT is simply an attempt to automate this process offline, so that you can be introduced to someone by a third party without all three of you having to meet; you still have to make a value judgement based on how sure you are about the third party's reliability and how confident they seem about the identity of x - however in the real world, both of those are vague, hard-to-define values and in the WoT they are rigid (you have a choice of two levels of trust for an introducer, and no way to encode how much third parties should rely on your identification)
RE: What email encryption is actually in use?
Peter Trei wrote... Durden's question was whether a snooper on an IPSEC VPN can tell (for example) an encrypted email packet from an encrypted HTTP request. The answer is no. All Eve can tell is the FW1 sent FW2 a packet of a certain size. The protocol of the encapsulated IP packet, it's true source behind FW1, it's true destination behind FW2, and the true destination port are all hidden. Yes, this was indeed the gist of my question. I was aware that there are actually hard and soft switches that are aware all the way up to the application layer, apparently (I also know that some softswiches have actually been deployed in RBOC/Baby Bell territory.) But from your previous email, you indicated that the secure IPSEC tunnel is created by taking the packets, encrypting S/A, D/A, payload and protocol fields (ie, pretty much everything) and then dumping them into the payload of another packet, and setting the Protocol field of the parent-packet to IPSEC. All that is now visible are the firewall addresses. That's a lot, methinks! In other words, there's practically a bright red flag sticking up saying I'm encrypted! Look over here!...it's child's play (well, if you consider making an ASIC child's play!) to then look at the S/A and D/a to see if they are interesting. If they belong to the IP spaces of two large companies, for instance, then look elsewhere (though I hear rumors that the NSAs of the world are branching out into industrial eavesdropping for their parent companies, ehr, for their parent countries). If a secure VPN tunnel forms between al-Jazeera's firewall and, say, some ISP near Atlantic Avenue in Brooklyn (heavy Arab community), then all sorts of spyglasses could pop up. Thus, I suspect a lot can be gleaned (and is) from communiques without actually de-encrypting...the philosohpy probably is, why violate civil rights unless we really, really have to? Extract as much as we can without actually de-encrypting, and if the probably of something being interesting is high enough, then we'll send it downstairs to be opened (and even then, determining how hard it is to open the communique might also be of interest...is it legal to open somebody else's email but not read it?) Here's a little quote for ya, since it seems to be the in-thing to do... The revolution is right where we want it: out of our control. (Royal Family and the Poor) From: Trei, Peter [EMAIL PROTECTED] To: [EMAIL PROTECTED], 'Major Variola (ret)' [EMAIL PROTECTED] Subject: RE: What email encryption is actually in use? Date: Mon, 4 Nov 2002 12:58:55 -0500 Major Variola (ret)[SMTP:[EMAIL PROTECTED]] At 10:13 AM 11/4/02 -0500, Tyler Durden wrote: This is an interesting issue...how much information can be gleaned from encrypted payloads? Traffic analysis (who, how frequently, temporal patterns) Size of payload Is it possible for a switch or whatever that has visibility up to layers 4/5/6 to determine (at least) what type of file is being sent? Yes. Modern network equiptment can examine all the way up to layer 7. Can tell that you're sending an .mp3 and will cut your QoS, if that's the policy. Durden's question was whether a snooper on an IPSEC VPN can tell (for example) an encrypted email packet from an encrypted HTTP request. The answer is no. All Eve can tell is the FW1 sent FW2 a packet of a certain size. The protocol of the encapsulated IP packet, it's true source behind FW1, it's true destination behind FW2, and the true destination port are all hidden. Peter _ Unlimited Internet access -- and 2 months free! Try MSN. http://resourcecenter.msn.com/access/plans/2monthsfree.asp
RE: What email encryption is actually in use?
Tyler Durden[SMTP:[EMAIL PROTECTED]] wrote But from your previous email, you indicated that the secure IPSEC tunnel is created by taking the packets, encrypting S/A, D/A, payload and protocol fields (ie, pretty much everything) and then dumping them into the payload of another packet, and setting the Protocol field of the parent-packet to IPSEC. All that is now visible are the firewall addresses. That's a lot, methinks! In other words, there's practically a bright red flag sticking up saying I'm encrypted! Look over here!...it's child's play (well, if you consider making an ASIC child's play!) to then look at the S/A and D/a to see if they are interesting. If they belong to the IP spaces of two large companies, for instance, then look elsewhere (though I hear rumors that the NSAs of the world are branching out into industrial eavesdropping for their parent companies, ehr, for their parent countries). If a secure VPN tunnel forms between al-Jazeera's firewall and, say, some ISP near Atlantic Avenue in Brooklyn (heavy Arab community), then all sorts of spyglasses could pop up. The title of this thread is What email encryption is actually in use?. I posted that a lot intra-company email often goes over encrypted VPNs between worksites, and that this should be considered in trying to figure out how much email is encrypted. After some back and forth to educate you on how IPSEC tunneling works, you now understand, but it turns out that that was not what you were interested in. VPNs no more raise a red flag than does any other form of encrypted communication without steganography. If your threat model includes end-point identification, then use alt.anonymous.messages. If traffic analysis is also a worry, use stego. VPNs are probably responsible for more encrypted traffic than anything else on the net, and meet corporate threat models very well. If your threat model is different, you may need a different solution. Peter Trei
Re: What email encryption is actually in use?
On Sun, Nov 03, 2002 at 11:23:36AM -0800, Tim May wrote: - -- treat text as text, to be sent via whichever mail program one uses, or whichever chatroom software (not that encrypted chat rooms are likely...but who knows?), or whichever news reader software http://www.invisible.net is sort of an encrypted chatroom. -- Windows, Icons, Mice and Pointers. A jedi craves not these things.
traffic analysis of VPN/secure tunnels (Re: What email encryption is actually in use?)
On Mon, Nov 04, 2002 at 12:58:55PM -0500, Trei, Peter wrote: Durden's question was whether a snooper on an IPSEC VPN can tell (for example) an encrypted email packet from an encrypted HTTP request. The answer is no. All Eve can tell is the FW1 sent FW2 a packet of a certain size. The protocol of the encapsulated IP packet, it's true source behind FW1, it's true destination behind FW2, and the true destination port are all hidden. An external obseverer being able to tell the time of exchange or percentage of traffic which is email vs http through a VPN probably isn't a big deal to most people. But if someone did care, it may be that you could have some probabilistic indication of whether the traffic is email or http (or other distinctions) based on the size of the packets, the timing that kind of thing. As there are different internal originating-points (mail hub, vs desktop/desktop+proxy cache), probably aspects of the hardware, TCP stack and application performance and behavior would leave some still recognizable performance and IP packet size signature. A more direct traffic-analysis type of risk is interactive session protocols like telnet, perhaps some chat programs where the characters are sent as they are typed. In this scenario it may be that an attacker could reconstruct the plaintext by analysing typing characteristics. (There was a paper about this risk for interactive sessions over SSH published a while back -- don't have the reference handy, probably google could find it). Another related type of risk is that SSL does not necessarily obsecure the page requested as the request and/or response may have unique, predictable and publicly measurable size uniquely identifying the document requested. Adam -- http://www.cypherspace.org/adam/
RE: What email encryption is actually in use?
Tim May[SMTP:[EMAIL PROTECTED]] On Saturday, November 2, 2002, at 08:01 PM, Tyler Durden wrote: Prior to that, the encrypted email I've sent in the past year or so has almost always failed, because of version incompatibilities, While in Telecom I was auditing optical transport gear, and we adopted the practice of encrypting all of our audit reports to vendors. Of course, the chance of there being an eavesdropper (uh...other than NSA, that is) was a plank energy above zero, but it gave the vendors the imporession we really cared a lot about their intellectual property (if we determined a problem with their equipment, and if that info ever leaked, it could have a major impact on them). When I was at Intel we sent our designs for microprocessors to European branches and/or partners. One set of designs sent to MATRA/Harris, a partner in the 80C86, was stolen in transit. (The box of tapes arrived in Paris, but the tapes had been replaced by the suitable weight of bricks.) I suspect that there is a fair amount of encrypted mail flowing over the net which is not obvious to ISPs. It's internal mail of large corporations. Many corps maintain VPNs between their offices, with encryption handled at the firewall. A great deal of highly sensitive internal email flows over these links, with the encryption totally transparent to the end-users. Of course, this is just internal stuff. The external mail is as open as everyone's been saying. Peter Trei
RE: What email encryption is actually in use?
The ever-though-provoking Peter Trei wrote... A great deal of highly sensitive internal email flows over these links, with the encryption totally transparent to the end-users. This is an interesting issue...how much information can be gleaned from encrypted payloads? Is it possible for a switch or whatever that has visibility up to layers 4/5/6 to determine (at least) what type of file is being sent? Can it determine at what layer encryption was performed? (These may be obvious to many of you, but I can only claim expertise in layers 0/1, and pieces of 2. Ok, I have a working knowledge of 3.) It may be possible for hardware that examines large numbers of communiques to pre-determine that much is of no interest. From: Trei, Peter [EMAIL PROTECTED] To: [EMAIL PROTECTED], 'Tim May' [EMAIL PROTECTED] Subject: RE: What email encryption is actually in use? Date: Mon, 4 Nov 2002 09:37:59 -0500 Tim May[SMTP:[EMAIL PROTECTED]] On Saturday, November 2, 2002, at 08:01 PM, Tyler Durden wrote: Prior to that, the encrypted email I've sent in the past year or so has almost always failed, because of version incompatibilities, While in Telecom I was auditing optical transport gear, and we adopted the practice of encrypting all of our audit reports to vendors. Of course, the chance of there being an eavesdropper (uh...other than NSA, that is) was a plank energy above zero, but it gave the vendors the imporession we really cared a lot about their intellectual property (if we determined a problem with their equipment, and if that info ever leaked, it could have a major impact on them). When I was at Intel we sent our designs for microprocessors to European branches and/or partners. One set of designs sent to MATRA/Harris, a partner in the 80C86, was stolen in transit. (The box of tapes arrived in Paris, but the tapes had been replaced by the suitable weight of bricks.) I suspect that there is a fair amount of encrypted mail flowing over the net which is not obvious to ISPs. It's internal mail of large corporations. Many corps maintain VPNs between their offices, with encryption handled at the firewall. A great deal of highly sensitive internal email flows over these links, with the encryption totally transparent to the end-users. Of course, this is just internal stuff. The external mail is as open as everyone's been saying. Peter Trei _ Choose an Internet access plan right for you -- try MSN! http://resourcecenter.msn.com/access/plans/default.asp
Re: What email encryption is actually in use?
at Monday, November 04, 2002 3:13 PM, Tyler Durden This is an interesting issue...how much information can be gleaned from encrypted payloads? Usually, the VPN is an encrypted tunnel from a specified IP (individual pc or lan) to another specified IP (the outer marker of the lan, usually the firewall/vpn combo box but of course that function can be split if needs be) sniffers can usually catch at least some of the initial login - normally a host name or user name is passed unencrypted as part of the setup - but any actual mail traffic will be indistinguishable from any other traffic; it is encapsulation of IP packets in an outer encrypted wrapper. similar statements can usually be made for Zeb, SSH and other similar tunnels - each encapsulates a low level (almost raw in the case of strict tunnels like zeb or ssh) packet passing tunnel in a crypto skin.
RE: What email encryption is actually in use?
-- From: Tyler Durden[SMTP:[EMAIL PROTECTED]] Sent: Monday, November 04, 2002 10:13 AM To: [EMAIL PROTECTED] Subject: RE: What email encryption is actually in use? The ever-though-provoking Peter Trei wrote... A great deal of highly sensitive internal email flows over these links, with the encryption totally transparent to the end-users. This is an interesting issue...how much information can be gleaned from encrypted payloads? Is it possible for a switch or whatever that has visibility up to layers 4/5/6 to determine (at least) what type of file is being sent? Can it determine at what layer encryption was performed? (These may be obvious to many of you, but I can only claim expertise in layers 0/1, and pieces of 2. Ok, I have a working knowledge of 3.) It may be possible for hardware that examines large numbers of communiques to pre-determine that much is of no interest. Most the ones I've seen are IPSEC over IPv4. You might be able to glean some info from packet size, timing, and ordering, but not much. IPSEC takes a plaintext IP packet and treats the whole thing as a data block to be encrypted.
RE: What email encryption is actually in use?
Tyler Durden[SMTP:[EMAIL PROTECTED]] writes: Most the ones I've seen are IPSEC over IPv4. You might be able to glean some info from packet size, timing, and ordering, but not much. IPSEC takes a plaintext IP packet and treats the whole thing as a data block to be encrypted. SO this would indicate that IPSEC creates a sort of blockage from seeing up to Layers 4/5/6. Now when you say it takes the IP packet, is this just the datagram or is it also he procotol bytes? (I'm assuming the layer-2 information remains intact.) If the protocol bytes are unencrypted, then there's a LOT that can probably be determined about any IP session. If the protocol bytes are encrypted, then this will ot be a very flexible session, no? (More of a secure pipe I guess.) And then, does IPSEC include specification for MPLS? I would assume that the MPLS header information is not encrypted, simply because the headers have no global significance... It's a pipe. The whole plaintext IP packet, from start to finish, including headers and checksum, gets treated as data, and encrypted. The encrypted packet is the data for a new packet, which goes from one firewall to another (and has only the firewall IP addresses exposed). The packets visible on the outside only tell Eve that firewall A sent firewall B an IPSEC packet of a certain size, with a particular Security Association. (ie, the protocol field says 'this is an IPSEC packet'). A single SA can be used for many, many, internal connections. Check the IPSEC RFCs for more info. Peter Trei
RE: What email encryption is actually in use?
Most the ones I've seen are IPSEC over IPv4. You might be able to glean some info from packet size, timing, and ordering, but not much. IPSEC takes a plaintext IP packet and treats the whole thing as a data block to be encrypted. SO this would indicate that IPSEC creates a sort of blockage from seeing up to Layers 4/5/6. Now when you say it takes the IP packet, is this just the datagram or is it also he procotol bytes? (I'm assuming the layer-2 information remains intact.) If the protocol bytes are unencrypted, then there's a LOT that can probably be determined about any IP session. If the protocol bytes are encrypted, then this will ot be a very flexible session, no? (More of a secure pipe I guess.) And then, does IPSEC include specification for MPLS? I would assume that the MPLS header information is not encrypted, simply because the headers have no global significance... From: Trei, Peter [EMAIL PROTECTED] To: [EMAIL PROTECTED], 'Tyler Durden' [EMAIL PROTECTED] Subject: RE: What email encryption is actually in use? Date: Mon, 4 Nov 2002 11:00:56 -0500 -- From: Tyler Durden[SMTP:[EMAIL PROTECTED]] Sent: Monday, November 04, 2002 10:13 AM To: [EMAIL PROTECTED] Subject: RE: What email encryption is actually in use? The ever-though-provoking Peter Trei wrote... A great deal of highly sensitive internal email flows over these links, with the encryption totally transparent to the end-users. This is an interesting issue...how much information can be gleaned from encrypted payloads? Is it possible for a switch or whatever that has visibility up to layers 4/5/6 to determine (at least) what type of file is being sent? Can it determine at what layer encryption was performed? (These may be obvious to many of you, but I can only claim expertise in layers 0/1, and pieces of 2. Ok, I have a working knowledge of 3.) It may be possible for hardware that examines large numbers of communiques to pre-determine that much is of no interest. Most the ones I've seen are IPSEC over IPv4. You might be able to glean some info from packet size, timing, and ordering, but not much. IPSEC takes a plaintext IP packet and treats the whole thing as a data block to be encrypted. _ Surf the Web without missing calls! Get MSN Broadband. http://resourcecenter.msn.com/access/plans/freeactivation.asp
RE: What email encryption is actually in use?
At 10:13 AM 11/4/02 -0500, Tyler Durden wrote: This is an interesting issue...how much information can be gleaned from encrypted payloads? Traffic analysis (who, how frequently, temporal patterns) Size of payload Is it possible for a switch or whatever that has visibility up to layers 4/5/6 to determine (at least) what type of file is being sent? Yes. Modern network equiptment can examine all the way up to layer 7. Can tell that you're sending an .mp3 and will cut your QoS, if that's the policy. Can it determine at what layer encryption was performed? Various packet classification hardware companies [1] make chips to find fields in headers. (The classification chips pass this info to the NPU) IPsec, SSL are trivial. App-level crypto is easy if the crypto has signatures, like -BEGIN PGP MESSAGE-. Steganography + encryption, however, is pretty tough. The S/N ratio can become useless due to false alarms. The Feds probably have an enormous collection of intercepted arab baby pictures... [1] Here's a blurb from http://solidum.com/products/index.cfm Based on programmable state machine technology and a powerful, openly-distributed pattern description language, our scalable, forward-compatible, and field-upgradable classification processors can be configured to closely inspect packets for vital information up to and including Layer 7. The information collected can then be used to make intelligent routing and switching decisions for service, application, and QoS requirements. This improves the speed, power and efficiency of next generation network processing architectures, facilitates the delivery of content-based services and enables true QoS for differentiated services. --- CALEA: What did you think layer 7 awareness meant?
RE: What email encryption is actually in use?
Major Variola (ret)[SMTP:[EMAIL PROTECTED]] At 10:13 AM 11/4/02 -0500, Tyler Durden wrote: This is an interesting issue...how much information can be gleaned from encrypted payloads? Traffic analysis (who, how frequently, temporal patterns) Size of payload Is it possible for a switch or whatever that has visibility up to layers 4/5/6 to determine (at least) what type of file is being sent? Yes. Modern network equiptment can examine all the way up to layer 7. Can tell that you're sending an .mp3 and will cut your QoS, if that's the policy. Durden's question was whether a snooper on an IPSEC VPN can tell (for example) an encrypted email packet from an encrypted HTTP request. The answer is no. All Eve can tell is the FW1 sent FW2 a packet of a certain size. The protocol of the encapsulated IP packet, it's true source behind FW1, it's true destination behind FW2, and the true destination port are all hidden. Peter
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- If you signed your messages on a regular basis, it would let me know whether or not you're the same Tim May, I've been reading since back when toad.com was the only server for the list. If you're key was signed by anyone I've dealt with, who I know will actually check your id, it would increase my confidence that you really are Tim May, and not just a net persona. It doen't make one iota of difference, whether you choose to distribute your key or not. Your ideas are usually thought provoking, and consistent enough to form a persona in the minds of the list readers. Or at least, in mine. I know you know (whether or not you agree) with the above. It just struck me as humourous that you'd sign the post, with the comment to the effect that there isn't much point in doing so, with a key that isn't on the servers. Do you see the PGP web of trust as completly useless? As to who I am, well... I'm a programmer, living in London, Ont. Canada. I've been lurking, off and on, since 94 or so. I don't think I've actually posted anything to the list since back in 96, when I wrote a freeware program to simplify using PGP with dos based offline mail readers (MPI.ZIP). While I normally promote privacy issues, only with those I meet face to face, I still consider myself a cypherpunk. I normally only post to the list, when my point of view isn't being expressed by any of the regular posters. Regards, Dave Hodgins. Tim May wrote: On Sunday, November 3, 2002, at 06:14 PM, David W. Hodgins wrote: -BEGIN PGP SIGNED MESSAGE- The advantages really disappear, when the key used to sign the message isn't sent to the key servers {:. Those who need to know, know. You, I've never seen before. Even if you found my key at the Liberal Institution of Technology, what would it mean? Parts of the PGP model are ideologically brain-dead. I attribute this to left-wing peacenik politics of some of the early folks. - --Tim May -BEGIN PGP SIGNATURE- Version: PGPfreeware 7.0.3 for non-commercial use http://www.pgp.com iQEVAwUBPcXu94s+asmeZwNpAQFQuAf+LbwrdQV8CPAc/lw2AF5HPvKLGopHCj3i tFR+drfFAYDDA6UHMPJOFxzDdhFYrRbhQ3c3cSkExSSoI7Mce389KPdGimWQZTJZ rCYyvnXtG+S//ya8yCELXC3SSwwra0+laPpoSz6lseIU6YJUYFyMLnnXaH5gpxHi O7TtK8kfPFQVVdbBuJC4mp9SjNO3DqIM29UbPSrf9KZ1w2zPXA4eov9GL9jjU808 CzT+wncCYaE1EU8cT3C+TFJyd8r8B1S6CLbjX9hC71kIt5bVUt1EHMHUx8u2YaXZ i4o2kKQGePbJvIIiOuwngIUOuwnbgLlGO7+zhsL4y2UuXeJ1/W5NVQ== =8BJt -END PGP SIGNATURE-
Re: What email encryption is actually in use?
at Monday, November 04, 2002 2:28 AM, Tim May [EMAIL PROTECTED] was seen to say: Those who need to know, know. Which of course is a viable model, provided you are only using your key for private email to those who need to know if you are using it for signatures posted to a mailing list though, it just looks silly. You, I've never seen before. Even if you found my key at the Liberal Institution of Technology, what would it mean? it would at least give us a chance to check the integrity of your post (what a sig is for after all) and anyone faking your key on the servers would have to prevent you ever seeing one of your own posts (so that you can't check the signature yourself) Parts of the PGP model are ideologically brain-dead. I attribute this to left-wing peacenik politics of some of the early folks. The Web-of-Trust model is mildly broken - all you can really say about it is that it is better than the alternatives (X509 is not only badly broken, but badly broken for the purpose of hierachical control and/or profit) In the current case, one reason to sign important posts is to establish a pattern of ownership for posts, independent of real-world identity. If I know that posts a,b c sent from nym x are all signed, I will be reasonably confident that key y is owned by the normal poster of nym x. that I don't know who that is in meatspace is pretty irrelevant. Where both systems break down is when trying to assert that key y is tied to anything but an email address (or possibly a static IP). There is little to bind a key to anything or anyone in the real world, unless you meet in person, know each other reasonably well (if only via third parties that can identify you both) and exchange fingerprints. in fact, WoT is simply an attempt to automate this process offline, so that you can be introduced to someone by a third party without all three of you having to meet; you still have to make a value judgement based on how sure you are about the third party's reliability and how confident they seem about the identity of x - however in the real world, both of those are vague, hard-to-define values and in the WoT they are rigid (you have a choice of two levels of trust for an introducer, and no way to encode how much third parties should rely on your identification)
Re: What email encryption is actually in use?
On Saturday November 2 2002 11:09, Adam Shostack wrote: I'd be interested to hear how often email content is protected by any form of crypto, including IPsec, Starttls, ssh delivery, or PGP or SMIME. There's probably an interesting paper in going out and looking at this. I use GnuPG to the people I know that have it. Admittedly that number is rather low but I am working on raising it. My e-mail client will do SSL and TLS so most if not all of my messages are protected at least to and from the ISP's servers. I would like to use GnuPG (my OpenPGP application of choice) more often. Unfortunately the number of people that have it is too low to make this practical and providers like AOL making it very difficult to use encryption with their proprietary e-mail clients pushes the number even lower than it should be. Part of the problem is too many people not realizing that one sending e-mail in the clear means that one trusts their ISP's admins, the receiving ISP's admins, and anyone with root (or possibly even just physical access) on a network between them. All it takes is one untrustworthy person snooping on the wire and there goes your privacy. Granted, yes, it's a violation of laws like the ECPA (in the US) to do so, but when there are potentially dozens of people who could have divulged a message, how does one know who to prosecute? -- Shawn K. Quinn
RE: What email encryption is actually in use?
Tim May[SMTP:[EMAIL PROTECTED]] On Saturday, November 2, 2002, at 08:01 PM, Tyler Durden wrote: Prior to that, the encrypted email I've sent in the past year or so has almost always failed, because of version incompatibilities, While in Telecom I was auditing optical transport gear, and we adopted the practice of encrypting all of our audit reports to vendors. Of course, the chance of there being an eavesdropper (uh...other than NSA, that is) was a plank energy above zero, but it gave the vendors the imporession we really cared a lot about their intellectual property (if we determined a problem with their equipment, and if that info ever leaked, it could have a major impact on them). When I was at Intel we sent our designs for microprocessors to European branches and/or partners. One set of designs sent to MATRA/Harris, a partner in the 80C86, was stolen in transit. (The box of tapes arrived in Paris, but the tapes had been replaced by the suitable weight of bricks.) I suspect that there is a fair amount of encrypted mail flowing over the net which is not obvious to ISPs. It's internal mail of large corporations. Many corps maintain VPNs between their offices, with encryption handled at the firewall. A great deal of highly sensitive internal email flows over these links, with the encryption totally transparent to the end-users. Of course, this is just internal stuff. The external mail is as open as everyone's been saying. Peter Trei
Re: What email encryption is actually in use?
at Monday, November 04, 2002 3:13 PM, Tyler Durden This is an interesting issue...how much information can be gleaned from encrypted payloads? Usually, the VPN is an encrypted tunnel from a specified IP (individual pc or lan) to another specified IP (the outer marker of the lan, usually the firewall/vpn combo box but of course that function can be split if needs be) sniffers can usually catch at least some of the initial login - normally a host name or user name is passed unencrypted as part of the setup - but any actual mail traffic will be indistinguishable from any other traffic; it is encapsulation of IP packets in an outer encrypted wrapper. similar statements can usually be made for Zeb, SSH and other similar tunnels - each encapsulates a low level (almost raw in the case of strict tunnels like zeb or ssh) packet passing tunnel in a crypto skin.
RE: What email encryption is actually in use?
At 10:13 AM 11/4/02 -0500, Tyler Durden wrote: This is an interesting issue...how much information can be gleaned from encrypted payloads? Traffic analysis (who, how frequently, temporal patterns) Size of payload Is it possible for a switch or whatever that has visibility up to layers 4/5/6 to determine (at least) what type of file is being sent? Yes. Modern network equiptment can examine all the way up to layer 7. Can tell that you're sending an .mp3 and will cut your QoS, if that's the policy. Can it determine at what layer encryption was performed? Various packet classification hardware companies [1] make chips to find fields in headers. (The classification chips pass this info to the NPU) IPsec, SSL are trivial. App-level crypto is easy if the crypto has signatures, like -BEGIN PGP MESSAGE-. Steganography + encryption, however, is pretty tough. The S/N ratio can become useless due to false alarms. The Feds probably have an enormous collection of intercepted arab baby pictures... [1] Here's a blurb from http://solidum.com/products/index.cfm Based on programmable state machine technology and a powerful, openly-distributed pattern description language, our scalable, forward-compatible, and field-upgradable classification processors can be configured to closely inspect packets for vital information up to and including Layer 7. The information collected can then be used to make intelligent routing and switching decisions for service, application, and QoS requirements. This improves the speed, power and efficiency of next generation network processing architectures, facilitates the delivery of content-based services and enables true QoS for differentiated services. --- CALEA: What did you think layer 7 awareness meant?
RE: What email encryption is actually in use?
Most the ones I've seen are IPSEC over IPv4. You might be able to glean some info from packet size, timing, and ordering, but not much. IPSEC takes a plaintext IP packet and treats the whole thing as a data block to be encrypted. SO this would indicate that IPSEC creates a sort of blockage from seeing up to Layers 4/5/6. Now when you say it takes the IP packet, is this just the datagram or is it also he procotol bytes? (I'm assuming the layer-2 information remains intact.) If the protocol bytes are unencrypted, then there's a LOT that can probably be determined about any IP session. If the protocol bytes are encrypted, then this will ot be a very flexible session, no? (More of a secure pipe I guess.) And then, does IPSEC include specification for MPLS? I would assume that the MPLS header information is not encrypted, simply because the headers have no global significance... From: Trei, Peter [EMAIL PROTECTED] To: [EMAIL PROTECTED], 'Tyler Durden' [EMAIL PROTECTED] Subject: RE: What email encryption is actually in use? Date: Mon, 4 Nov 2002 11:00:56 -0500 -- From: Tyler Durden[SMTP:[EMAIL PROTECTED]] Sent: Monday, November 04, 2002 10:13 AM To: [EMAIL PROTECTED] Subject: RE: What email encryption is actually in use? The ever-though-provoking Peter Trei wrote... A great deal of highly sensitive internal email flows over these links, with the encryption totally transparent to the end-users. This is an interesting issue...how much information can be gleaned from encrypted payloads? Is it possible for a switch or whatever that has visibility up to layers 4/5/6 to determine (at least) what type of file is being sent? Can it determine at what layer encryption was performed? (These may be obvious to many of you, but I can only claim expertise in layers 0/1, and pieces of 2. Ok, I have a working knowledge of 3.) It may be possible for hardware that examines large numbers of communiques to pre-determine that much is of no interest. Most the ones I've seen are IPSEC over IPv4. You might be able to glean some info from packet size, timing, and ordering, but not much. IPSEC takes a plaintext IP packet and treats the whole thing as a data block to be encrypted. _ Surf the Web without missing calls! Get MSN Broadband. http://resourcecenter.msn.com/access/plans/freeactivation.asp
RE: What email encryption is actually in use?
Tyler Durden[SMTP:[EMAIL PROTECTED]] writes: Most the ones I've seen are IPSEC over IPv4. You might be able to glean some info from packet size, timing, and ordering, but not much. IPSEC takes a plaintext IP packet and treats the whole thing as a data block to be encrypted. SO this would indicate that IPSEC creates a sort of blockage from seeing up to Layers 4/5/6. Now when you say it takes the IP packet, is this just the datagram or is it also he procotol bytes? (I'm assuming the layer-2 information remains intact.) If the protocol bytes are unencrypted, then there's a LOT that can probably be determined about any IP session. If the protocol bytes are encrypted, then this will ot be a very flexible session, no? (More of a secure pipe I guess.) And then, does IPSEC include specification for MPLS? I would assume that the MPLS header information is not encrypted, simply because the headers have no global significance... It's a pipe. The whole plaintext IP packet, from start to finish, including headers and checksum, gets treated as data, and encrypted. The encrypted packet is the data for a new packet, which goes from one firewall to another (and has only the firewall IP addresses exposed). The packets visible on the outside only tell Eve that firewall A sent firewall B an IPSEC packet of a certain size, with a particular Security Association. (ie, the protocol field says 'this is an IPSEC packet'). A single SA can be used for many, many, internal connections. Check the IPSEC RFCs for more info. Peter Trei
RE: What email encryption is actually in use?
Tyler Durden[SMTP:[EMAIL PROTECTED]] wrote But from your previous email, you indicated that the secure IPSEC tunnel is created by taking the packets, encrypting S/A, D/A, payload and protocol fields (ie, pretty much everything) and then dumping them into the payload of another packet, and setting the Protocol field of the parent-packet to IPSEC. All that is now visible are the firewall addresses. That's a lot, methinks! In other words, there's practically a bright red flag sticking up saying I'm encrypted! Look over here!...it's child's play (well, if you consider making an ASIC child's play!) to then look at the S/A and D/a to see if they are interesting. If they belong to the IP spaces of two large companies, for instance, then look elsewhere (though I hear rumors that the NSAs of the world are branching out into industrial eavesdropping for their parent companies, ehr, for their parent countries). If a secure VPN tunnel forms between al-Jazeera's firewall and, say, some ISP near Atlantic Avenue in Brooklyn (heavy Arab community), then all sorts of spyglasses could pop up. The title of this thread is What email encryption is actually in use?. I posted that a lot intra-company email often goes over encrypted VPNs between worksites, and that this should be considered in trying to figure out how much email is encrypted. After some back and forth to educate you on how IPSEC tunneling works, you now understand, but it turns out that that was not what you were interested in. VPNs no more raise a red flag than does any other form of encrypted communication without steganography. If your threat model includes end-point identification, then use alt.anonymous.messages. If traffic analysis is also a worry, use stego. VPNs are probably responsible for more encrypted traffic than anything else on the net, and meet corporate threat models very well. If your threat model is different, you may need a different solution. Peter Trei
Re: What email encryption is actually in use?
On Sun, Nov 03, 2002 at 11:23:36AM -0800, Tim May wrote: - -- treat text as text, to be sent via whichever mail program one uses, or whichever chatroom software (not that encrypted chat rooms are likely...but who knows?), or whichever news reader software http://www.invisible.net is sort of an encrypted chatroom. -- Windows, Icons, Mice and Pointers. A jedi craves not these things.
traffic analysis of VPN/secure tunnels (Re: What email encryption is actually in use?)
On Mon, Nov 04, 2002 at 12:58:55PM -0500, Trei, Peter wrote: Durden's question was whether a snooper on an IPSEC VPN can tell (for example) an encrypted email packet from an encrypted HTTP request. The answer is no. All Eve can tell is the FW1 sent FW2 a packet of a certain size. The protocol of the encapsulated IP packet, it's true source behind FW1, it's true destination behind FW2, and the true destination port are all hidden. An external obseverer being able to tell the time of exchange or percentage of traffic which is email vs http through a VPN probably isn't a big deal to most people. But if someone did care, it may be that you could have some probabilistic indication of whether the traffic is email or http (or other distinctions) based on the size of the packets, the timing that kind of thing. As there are different internal originating-points (mail hub, vs desktop/desktop+proxy cache), probably aspects of the hardware, TCP stack and application performance and behavior would leave some still recognizable performance and IP packet size signature. A more direct traffic-analysis type of risk is interactive session protocols like telnet, perhaps some chat programs where the characters are sent as they are typed. In this scenario it may be that an attacker could reconstruct the plaintext by analysing typing characteristics. (There was a paper about this risk for interactive sessions over SSH published a while back -- don't have the reference handy, probably google could find it). Another related type of risk is that SSL does not necessarily obsecure the page requested as the request and/or response may have unique, predictable and publicly measurable size uniquely identifying the document requested. Adam -- http://www.cypherspace.org/adam/
Re: What email encryption is actually in use?
FWIW In the Si biz, its quite common to encrypt files. I've seen (albeit lame, and with guessable passwords) zip encryption and the classic crypt used. Between engineers, and between lawyers and engineers. Typically the encrypted info is an attachment to unencrypted email (often describing its contents!), though this is also used for ftp sites. (The zip programs are considered universal today.) When we were working on a crypto chip (ca 1998), we did actually manage to have half a dozen engineers/managers regularly using PGP, between Macs and PCs. That's since faded to nil. Thinking about this, I conclude that email is considered useful because its *so* easy to send. Adding non-transparent decryption is too much of a bother. (Though the way that later PGP versions can retain your passphrase *can* make it transparent (at a security-cost of retaining your passphrase!)) Maybe it'll take an ISP-snoop-based insider trading scandal for the SEC to require email crypto :-) Version issues haven't been a problem with PGP, but we had to find the right versions of PGPfone to interoperate between Mac/PCs. At 11:01 PM 11/2/02 -0500, Tyler Durden wrote: Prior to that, the encrypted email I've sent in the past year or so has almost always failed, because of version incompatibilities, While in Telecom I was auditing optical transport gear, and we adopted the practice of encrypting all of our audit reports to vendors. Of course, the chance of there being an eavesdropper (uh...other than NSA, that is) was a plank energy above zero, but it gave the vendors the imporession we really cared a lot about their intellectual property (if we determined a problem with their equipment, and if that info ever leaked, it could have a major impact on them). That the mesages were decrypted I know for sure, and it was easy for the customers: we would verbally tell them the password for unpacking the encrypted file, and they merely typed it in a it extracted itself. I think the encryption tool was installed directly into the file manager (or whatever it's called now), so it was easy to do.
Re: What email encryption is actually in use?
On Sat, 2 Nov 2002, Tim May wrote: PK crypto has made a lot of things a lot easier, but expecting it all to work with a click of a button is naive. Of course, most of us don't actually have secrets which make protocols and efforts justifiable. There's the rub. I expect it to work with the click of a button. If our goal is that crypto not be simply something for the members of the cypherpunk crypto hackers club, and instead be a tool for the masses, used for the protection of information that they deem to be private (regardless of how important a secret it may be), then crypto applications *must* be as easy to use as AOL. Sacrificing the level of security provided is a reasonable option. If crypto apps are too hard to use, they provide no security, since they are not used. If there is no way to provide military-strength crypto in a one-click solution, then so be it. Does the average user need military-grade solutions to hide whatever secrets he may have? If ease of use isn't your concern, if foreign governments are your threats, if your budget allows for specially trained crypto operators, by all means -- deploy the ultra-secure and difficult to use cryptosystems. What's naive is trying to ram such products down the public's collective throat. Cryptographic solutions are not of all or nothing strength. I don't know why UI hasn't been the foremost priority of crypto vendors all along... --Len.
Re: What email encryption is actually in use?
On Sunday 03 November 2002 12:53, Len Sassaman wrote: On Sat, 2 Nov 2002, Tim May wrote: PK crypto has made a lot of things a lot easier, but expecting it all to work with a click of a button is naive. Of course, most of us don't actually have secrets which make protocols and efforts justifiable. There's the rub. I expect it to work with the click of a button. ... crypto applications *must* be as easy to use as AOL. Sacrificing the level of security provided is a reasonable option. ... Agreed. Setup should be pretty simple, but daily use for the unwashed masses has to be one-click. And version compatibility problems have _got_ to disappear. Actually, PGP's Outlook plug-in comes pretty close to this. It has just two usability shortcomings that I can think of right now: it needs an option to remember the passphrase (yah, it's a security hole, but not as big a one as not using encryption at all); the identification and fetching of other users' keys needs to be simpler (1); and the compatibility problems have _got_ to disappear. Yes, I know I'm repeating myself on that last bit, but it's the biggest show-stopper of the bunch. The receiving side needs to be completely painless. Again, optionally remember the passphrase and optionally automatically decrypt and verify signatures. KMail is pretty good, at least with signatures: it shows a stripe down the side indicating a GPG/PGP message and it checks the signature if the signer is in my keyring. I want copious use of crypto partly out of a slight regard for the interests of the average user but mostly as cover for anything I might want to do. And partly to make harder the lives of the kind of bastards who'd go into a career of looking at other people's mail. 1: I don't have any workable ideas on how to find the right person's key in the face of changing email addresses. But the selection of the particular key from those available for a given person needs to be automated; having to drill down through several levels and then choosing from several possible keys is too confusing and too much work even if it's not confusing. -- Steve FurlongComputer Condottiere Have GNU, Will Travel Vote Idiotarian --- it's easier than thinking
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sunday, November 3, 2002, at 09:53 AM, Len Sassaman wrote: What's naive is trying to ram such products down the public's collective throat. Cryptographic solutions are not of all or nothing strength. I don't know why UI hasn't been the foremost priority of crypto vendors all along... I think it has been, and that this has slowed development and confused things. About 8-10 years ago the focus was on integrating PGP with elm, tin, Eudora, etc. I argued then, and I still argue now, for a non-integration policy: - -- treat text as text, to be sent via whichever mail program one uses, or whichever chatroom software (not that encrypted chat rooms are likely...but who knows?), or whichever news reader software - -- compose in whichever text editor or word processor, apply crypto to that text (or in clipboard), paste into which above program This keeps things clean, as the GUI of the WP, mail program, newsreader, etc. is not used at all. By clean I mean that text is text, sort of WYSIWYG. Encrypted text is just another arrangement of ASCII (or Unicode, as the case may be) symbols. This means that any program capable of sending and receiving text can handle encrypted text. Automatic decryption would be like any other automatic processing of text. Not having the crypto engine tied so closely to Outlook, or Eurdora, or elm, or whatever, also cuts down on the gaps when PGP is not usable because a service pack or upgrade has knocked out the compatibility. As in the 2-year gap when OS X and its supplied Mail program did not work with any version of PGP, except in Classic mode...most casual users were not interesting in chasing down GPG and getting it to work with 10.0, then 10.1, then 10.2, etc. And _that_ is one reason working at the click of a button is actually a backward step for many users with many different packages and versions of software. I also like _seeing_ that a message is in encrypted form, with whichever headers and footers are attached by PGP. Some variants of PGP don't show the encrypted message, or the signature blocks, at all. The encryption and signatures are applied as the message is _sent_. Which is why I used to use the clipboard mode of PGP to encrypt and sign in any of my various text editors--or even my mail program-- and then paste in the finished text, just so I could verify it was all going out the right way. I think most users, even casual ones, would accept this advice: Look, encrypted text is just a rearrangement of text. Compose your message in whatever editor or word processor you want, apply the encryption directly to that text, then paste in or otherwise send that new text out. Expecting encryption to be closely tied in to to ever-changing mailers, word processors, news readers, and multiple iterations of OSes, is just too big a chore for developers to keep up with. (P.S. I'm going to do something I don't often do: sign a post. Reasons for not signing posts are manyfold. Advantages are few. But this is to illustrate a point: that I have told the integrated PGP in OS X 10.2 Mail to sign. But I won't know if it accepted my command until I send this out and it pauses to ask me for my passphrase. If I did something wrong, or if adding this paragraph _here_ somehow glitches things, then it goes out unsigned. No big deal. But what if I were telling PGP to encrypt and it went out accidentally unencrypted? IMO, we've lost a lot of transparency by not having the user actually _see_ his message in a signed or encrypted form prior to sending. Perhaps there's a setting somewhere in PGP that allows this...checking now, I don't see it in any obvious place. Now, here goes with the send) - --Tim May That government is best which governs not at all. --Henry David Thoreau -BEGIN PGP SIGNATURE- Version: PGP 8.0 (Build 288) Beta iQA/AwUBPcV3yvHMrDA90hdkEQKh+wCg+Rd+RuiaZxbqIFYhsghkR3t4sSUAn3OG 3ePIq3c2ow89/vV5pkxoSJHo =0Gl/ -END PGP SIGNATURE-
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sunday, November 3, 2002, at 10:29 AM, Steve Furlong wrote: Agreed. Setup should be pretty simple, but daily use for the unwashed masses has to be one-click. And version compatibility problems have _got_ to disappear. Actually, PGP's Outlook plug-in comes pretty close to this. As with the situation a decade ago, there are: * several OSes in use (2-3 in Wintel world, 2 in Mac world, plus outliers) * various release versions of each * about 5-8 major mail programs covering these platforms * about 3-5 major newsreader programs (Things were the same in 1993, when PGP needed to be integrated with elm, pine, Eudora, tin, emacs, and on half a dozen OSes which people were using. Not surprisingly, this integration was never completed, as PGP changes, as OSes changed, as elm and pine got dropped and newer programs came to the fore. Now the Golden Age will arrive if only people adopted Outlook on a Windows XP machine.) A vendor who wants to integrate his program needs to deal with about 100 combinations to cover 90% of users. He can reduce this from having to support 300 combos by saying We don't support OS 9 or We support Entourage, Outlook, Outlook Express, and Eudora only. Several times over the past decade I have heard people urge others to change their mailer to one that is supported. This is even worse than not one-click operation, as it asks users to abandon programs and OSes they like or need in order to obtain a marginal gain of sending a receiving encrypted messages with one click. (I already said what I think is the cleanest solution: treat crypto as something applied to text, forgetting about integration as the core feature.) - --Tim May That government is best which governs not at all. --Henry David Thoreau -BEGIN PGP SIGNATURE- Version: PGP 8.0 (Build 288) Beta iQA/AwUBPcWE/fHMrDA90hdkEQKR+gCdGqlyJZl+lgOexwIh9O3Ql7lCzIQAoNWN Oe2iAcELJIStDMR8l0c7EaT+ =j0os -END PGP SIGNATURE-
Re: What email encryption is actually in use?
On Sun, Nov 03, 2002 at 11:23:36AM -0800, Tim May wrote: | I think most users, even casual ones, would accept this advice: | | Look, encrypted text is just a rearrangement of text. Compose your | message in whatever editor or word processor you want, apply the | encryption directly to that text, then paste in or otherwise send that | new text out. Expecting encryption to be closely tied in to to | ever-changing mailers, word processors, news readers, and multiple | iterations of OSes, is just too big a chore for developers to keep up | with. Most users think text comes in colors, and don't understand why documents produced by MS Word are different from text. This is inevitable as we shift towards a world of ubiquitous computing: The average user understands less and less. To put it another way, if most users could accept that advice, most of my business email would be encrypted after someone sent me an NDA. The person cares about confidentiality, but doesn't know how to achieve it, and doesn't understand why its not in their mailer. Adam -- It is seldom that liberty of any kind is lost all at once. -Hume
Re: What email encryption is actually in use?
On Saturday November 2 2002 11:09, Adam Shostack wrote: I'd be interested to hear how often email content is protected by any form of crypto, including IPsec, Starttls, ssh delivery, or PGP or SMIME. There's probably an interesting paper in going out and looking at this. I use GnuPG to the people I know that have it. Admittedly that number is rather low but I am working on raising it. My e-mail client will do SSL and TLS so most if not all of my messages are protected at least to and from the ISP's servers. I would like to use GnuPG (my OpenPGP application of choice) more often. Unfortunately the number of people that have it is too low to make this practical and providers like AOL making it very difficult to use encryption with their proprietary e-mail clients pushes the number even lower than it should be. Part of the problem is too many people not realizing that one sending e-mail in the clear means that one trusts their ISP's admins, the receiving ISP's admins, and anyone with root (or possibly even just physical access) on a network between them. All it takes is one untrustworthy person snooping on the wire and there goes your privacy. Granted, yes, it's a violation of laws like the ECPA (in the US) to do so, but when there are potentially dozens of people who could have divulged a message, how does one know who to prosecute? -- Shawn K. Quinn
Re: What email encryption is actually in use?
On Saturday, November 2, 2002, at 08:01 PM, Tyler Durden wrote: Prior to that, the encrypted email I've sent in the past year or so has almost always failed, because of version incompatibilities, While in Telecom I was auditing optical transport gear, and we adopted the practice of encrypting all of our audit reports to vendors. Of course, the chance of there being an eavesdropper (uh...other than NSA, that is) was a plank energy above zero, but it gave the vendors the imporession we really cared a lot about their intellectual property (if we determined a problem with their equipment, and if that info ever leaked, it could have a major impact on them). When I was at Intel we sent our designs for microprocessors to European branches and/or partners. One set of designs sent to MATRA/Harris, a partner in the 80C86, was stolen in transit. (The box of tapes arrived in Paris, but the tapes had been replaced by the suitable weight of bricks.) The moral: 99.x % of traffic is of little interest to thieves or eavesdroppers. But some fraction is. And it often isn't appreciated until after a theft or eavesdrop in which category the traffic lies. (Equivalent to people not thinking about backups until it's too late.) Having said this, I, too, rarely encrypt. It should get easier, now that PGP 8 is well-integrated into the Mail program I use in OS X. (Years ago PGP stopped working in my mailer, and I had to encrypt and decrypt manually.) It is odd that we mostly think crypto should be easy and painless. The military, with a real need for crypto, has full-time code clerks on ships and at bases, even out on the battlefield. And they have code shacks and cipher rooms and all sorts of procedure and rigamarole about envelopes, couriers, locks on doors, combo locks on safes, need to know, etc. PK crypto has made a lot of things a lot easier, but expecting it all to work with a click of a button is naive. Of course, most of us don't actually have secrets which make protocols and efforts justifiable. There's the rub. --Tim May
Re: What email encryption is actually in use?
On Sat, 2 Nov 2002, Tim May wrote: PK crypto has made a lot of things a lot easier, but expecting it all to work with a click of a button is naive. Of course, most of us don't actually have secrets which make protocols and efforts justifiable. There's the rub. I expect it to work with the click of a button. If our goal is that crypto not be simply something for the members of the cypherpunk crypto hackers club, and instead be a tool for the masses, used for the protection of information that they deem to be private (regardless of how important a secret it may be), then crypto applications *must* be as easy to use as AOL. Sacrificing the level of security provided is a reasonable option. If crypto apps are too hard to use, they provide no security, since they are not used. If there is no way to provide military-strength crypto in a one-click solution, then so be it. Does the average user need military-grade solutions to hide whatever secrets he may have? If ease of use isn't your concern, if foreign governments are your threats, if your budget allows for specially trained crypto operators, by all means -- deploy the ultra-secure and difficult to use cryptosystems. What's naive is trying to ram such products down the public's collective throat. Cryptographic solutions are not of all or nothing strength. I don't know why UI hasn't been the foremost priority of crypto vendors all along... --Len.
Re: What email encryption is actually in use?
On Sunday 03 November 2002 12:53, Len Sassaman wrote: On Sat, 2 Nov 2002, Tim May wrote: PK crypto has made a lot of things a lot easier, but expecting it all to work with a click of a button is naive. Of course, most of us don't actually have secrets which make protocols and efforts justifiable. There's the rub. I expect it to work with the click of a button. ... crypto applications *must* be as easy to use as AOL. Sacrificing the level of security provided is a reasonable option. ... Agreed. Setup should be pretty simple, but daily use for the unwashed masses has to be one-click. And version compatibility problems have _got_ to disappear. Actually, PGP's Outlook plug-in comes pretty close to this. It has just two usability shortcomings that I can think of right now: it needs an option to remember the passphrase (yah, it's a security hole, but not as big a one as not using encryption at all); the identification and fetching of other users' keys needs to be simpler (1); and the compatibility problems have _got_ to disappear. Yes, I know I'm repeating myself on that last bit, but it's the biggest show-stopper of the bunch. The receiving side needs to be completely painless. Again, optionally remember the passphrase and optionally automatically decrypt and verify signatures. KMail is pretty good, at least with signatures: it shows a stripe down the side indicating a GPG/PGP message and it checks the signature if the signer is in my keyring. I want copious use of crypto partly out of a slight regard for the interests of the average user but mostly as cover for anything I might want to do. And partly to make harder the lives of the kind of bastards who'd go into a career of looking at other people's mail. 1: I don't have any workable ideas on how to find the right person's key in the face of changing email addresses. But the selection of the particular key from those available for a given person needs to be automated; having to drill down through several levels and then choosing from several possible keys is too confusing and too much work even if it's not confusing. -- Steve FurlongComputer Condottiere Have GNU, Will Travel Vote Idiotarian --- it's easier than thinking
Re: What email encryption is actually in use?
On Sun, Nov 03, 2002 at 11:23:36AM -0800, Tim May wrote: | I think most users, even casual ones, would accept this advice: | | Look, encrypted text is just a rearrangement of text. Compose your | message in whatever editor or word processor you want, apply the | encryption directly to that text, then paste in or otherwise send that | new text out. Expecting encryption to be closely tied in to to | ever-changing mailers, word processors, news readers, and multiple | iterations of OSes, is just too big a chore for developers to keep up | with. Most users think text comes in colors, and don't understand why documents produced by MS Word are different from text. This is inevitable as we shift towards a world of ubiquitous computing: The average user understands less and less. To put it another way, if most users could accept that advice, most of my business email would be encrypted after someone sent me an NDA. The person cares about confidentiality, but doesn't know how to achieve it, and doesn't understand why its not in their mailer. Adam -- It is seldom that liberty of any kind is lost all at once. -Hume
Re: What email encryption is actually in use?
FWIW In the Si biz, its quite common to encrypt files. I've seen (albeit lame, and with guessable passwords) zip encryption and the classic crypt used. Between engineers, and between lawyers and engineers. Typically the encrypted info is an attachment to unencrypted email (often describing its contents!), though this is also used for ftp sites. (The zip programs are considered universal today.) When we were working on a crypto chip (ca 1998), we did actually manage to have half a dozen engineers/managers regularly using PGP, between Macs and PCs. That's since faded to nil. Thinking about this, I conclude that email is considered useful because its *so* easy to send. Adding non-transparent decryption is too much of a bother. (Though the way that later PGP versions can retain your passphrase *can* make it transparent (at a security-cost of retaining your passphrase!)) Maybe it'll take an ISP-snoop-based insider trading scandal for the SEC to require email crypto :-) Version issues haven't been a problem with PGP, but we had to find the right versions of PGPfone to interoperate between Mac/PCs. At 11:01 PM 11/2/02 -0500, Tyler Durden wrote: Prior to that, the encrypted email I've sent in the past year or so has almost always failed, because of version incompatibilities, While in Telecom I was auditing optical transport gear, and we adopted the practice of encrypting all of our audit reports to vendors. Of course, the chance of there being an eavesdropper (uh...other than NSA, that is) was a plank energy above zero, but it gave the vendors the imporession we really cared a lot about their intellectual property (if we determined a problem with their equipment, and if that info ever leaked, it could have a major impact on them). That the mesages were decrypted I know for sure, and it was easy for the customers: we would verbally tell them the password for unpacking the encrypted file, and they merely typed it in a it extracted itself. I think the encryption tool was installed directly into the file manager (or whatever it's called now), so it was easy to do.
Re: What email encryption is actually in use?
On Sunday, November 3, 2002, at 06:14 PM, David W. Hodgins wrote: -BEGIN PGP SIGNED MESSAGE- The advantages really disappear, when the key used to sign the message isn't sent to the key servers {:. Those who need to know, know. You, I've never seen before. Even if you found my key at the Liberal Institution of Technology, what would it mean? Parts of the PGP model are ideologically brain-dead. I attribute this to left-wing peacenik politics of some of the early folks. --Tim May
Re: What email encryption is actually in use?
-- James A. Donald: I intended to sign this using Network Associates command line pgp, [6.5.8]only to discover that pgp -sa file produced unintellible gibberish, that could only be made sense of by pgp, so that no one would be able to read it without first checking my signature. David Howe you made a minor config error - you need to make sure clearsign is enabled. James A. Donald: I suggest that network associates should have hired me as UI design manager, or failing, that, hired the dog from down the street as UI design manager. David Howe It's command line. Most cyphergeeks like command line tools powerful and cryptic :) We also like the most common uses to be *on* the command line. If the option is not on the command line, it is *not* powerful and it is a little too cryptic. The pgp.cfg file is empty by default on my machine, the cfg file options are nowhere documented, clearsigning is nowhere documented, and Clearsign=on did not work. In the last generally useful version of pgp (pgp 2.6.2) pgp -sa gave clear signing, but it was unusable, because trivial differences, such as the unix/windows difference on carriage returns would cause the signature check to fail. Because there were so many false negatives, no one would check clearsigned signatures. I conjecture that in pgp 6.5.8 they have addressed this problem by making clear signatures as inaccessible as possible, rather than by fixing it. I could get clearsigning by telling my pgp 6.5.8 to be compatible with 2.6.2, but I have already discovered that 2.6.2 clear signing was hopelessly broken. Had clear signing worked, then everyone with a valuable domain name would have used the pgp interface to control their domain names, to ensure that one's domain name could not be hijacked, as so many domain names have been. This would have created a massive base of pgp users. However, due to architectural defects in pgp, design bugs rather than coding bugs, this use of pgp was broken, and so was seldom used, and eventually ceased to work entirely. Presumably there was no maintenance on the pgp inteface to domain name control, because no one was using it. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG MUiyRJ8PRbLCXnVMWCpeKvsn5GdOlAB9t6O7K0Hb 4GBcVbBHZFN0vg8apVt35e9Y2khaPdgrM+Y6uOys6
Re: What email encryption is actually in use?
at Monday, September 30, 2002 7:52 PM, James A. Donald [EMAIL PROTECTED] was seen to say: Is it practical for a particular group, for example a corporation or a conspiracy, to whip up its own damned root certificate, without buggering around with verisign? (Of course fixing Microsoft's design errors is never useful, since they will rebreak their products in new ways that are more ingenious and harder to fix.) Yup. In fact, some IPSec firewalls rely on the corporate having a local CA root to issue keys for VPN access. from there it is only a small step to using the same (or parallel issued) keys for email security. The problem there really is that the keys will be flagged as faulty by anyone outside the group (and therefore without the root key already imported), and that will usually only work in a semi-rigid hierachical structure. There *is* an attempt to set up something resembling a Web of trust using x509 certificiates, currently in the early stages at nntp://news.securecomp.org/WebOfTrust I intended to sign this using Network Associates command line pgp, only to discover that pgp -sa file produced unintellible gibberish, that could only be made sense of by pgp, so that no one would be able to read it without first checking my signature. you made a minor config error - you need to make sure clearsign is enabled. I suggest that network associates should have hired me as UI design manager, or failing, that, hired the dog from down the street as UI design manager. It's command line. Most cyphergeeks like command line tools powerful and cryptic :)
Re: What email encryption is actually in use?
An interesting tidbit in the September Information Security Bulletin is the claim from MessageLabs that only .005% of the mail they saw in 2002 is encrypted, up from .003% in 2000. (MessageLabs is an outsourcing email anti-virus company.) At this thrilling rate of growth, it will be on the order of between 30 and 40 years before we see most email being encrypted. And about 10 years before we start to see any real hope of a fax effect. Lets be sure to consider that the PGP model is working. After all, thats faster than the adoption of the, ummm, well, I'm sure someone can take comfort from it. Maybe even someone other than the eavesdroppers. Now, it may be that they have a unusual sampling because only a nutcase company would send all its email through a 3rd party processor. But I don't believe that to be true. Most companies send their email unencrypted through a single ISP. Messagelabs only has it slightly easier when it comes to eavesdropping. Last month, about 5% of my email was sent PGP encrypted, about 2% STARTTLS encrypted, and about 25% SSH encrypted to people on the same mail server, where POP and IMAP only function via SSH. I'd be interested to hear how often email content is protected by any form of crypto, including IPsec, Starttls, ssh delivery, or PGP or SMIME. There's probably an interesting paper in going out and looking at this. Adam -- It is seldom that liberty of any kind is lost all at once. -Hume
Re: What email encryption is actually in use?
On Saturday 02 November 2002 12:09, Adam Shostack wrote: An interesting tidbit in the September Information Security Bulletin is the claim from MessageLabs that only .005% of the mail they saw in 2002 is encrypted, up from .003% in 2000. ... Last month, about 5% of my email was sent PGP encrypted, about 2% STARTTLS encrypted, and about 25% SSH encrypted to people on the same mail server, where POP and IMAP only function via SSH. I'd be interested to hear how often email content is protected by any form of crypto, including IPsec, Starttls, ssh delivery, or PGP or SMIME. There's probably an interesting paper in going out and looking at this. Well, here's a datum for you: in the past four or five months, I have sent exactly no encrypted email. There are several reasons, notably that most of my email correspondents are business types who can't handle encryption even after several lessons and checklists and even when the tools are integrated into the MUA. Prior to that, the encrypted email I've sent in the past year or so has almost always failed, because of version incompatibilities, human error, changes of email address, and what-not. Or because the recipient simply isn't bothering to decrypt mail any more because it's more trouble than it's worth for the low quality of information conveyed. The only business environment I've ever worked in which successfully used encrypted email mandated specific versions of mail client (Outlook, ecch) and PGP (integrated into Outlook), had a jackbooted thug to make sure everyone's keyring was up to date, and had a fairly small (couple dozen), mostly technically proficient, user base. And even there, half the time the encrypted message wasn't sensitive enough to be worth encrypting nor important enough to be worth decrypting. I have signed a few messages in the recent past, but that was probably even less worthwhile than encrypting them. For all I know, not a single one has been verified. -- Steve FurlongComputer Condottiere Have GNU, Will Travel Vote Idiotarian --- it's easier than thinking
RE: What email encryption is actually in use?
Peter wrote [about the benefits of STARTTLS]: As opposed to more conventional encryption, where you're protecting nothing at any point along the chain, because 99.99% of the user base can't/won't use it. In any case most email is point-to-point, which means you are protecting the entire chain (that is, if I send you mail it may go through a few internal machines here or there, but once it hits the WAN it's straight from my gateway to yours). I must concur with Peter. The overwhelming majority of email recipients with whom I routinely exchange PGP encrypted email operates their own MTAs, located within their trust boundaries. Which should come as no surprise, since those with whom I discuss topics requiring secure communications tend to be conscious of security and thus like to be able to control the properties of their MTA and other network services. I also agree that current MTAs' implementations of STARTTLS are only a first step. At least in postfix, the only MTA with which I am sufficiently familiar to form an opinion, it appears impossible to require that certs presented by trusted parties match a particular hash while certs presented by untrusted MTAs can present any certificate they desire to achieve EDH-level security. I am aware that the certs presented by trusted parties could of course all be signed by the same CA, but this is an unworkable model in personal communications. What is required in practice is a list of trusted MTAs with corresponding hashes implemented at the MTA level. --Lucky Green
Re: What email encryption is actually in use?
at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann [EMAIL PROTECTED] was seen to say: For encryption, STARTTLS, which protects more mail than all other email encryption technology combined. See http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf (towards the back). I would dispute that - not that it isn't used and useful, but unless you are handing off directly to the home machine of the end user (or his direct spool) odds are good that the packet will be sent unencrypted somewhere along its journey. with TLS you are basically protecting a single link of a transmission chain, with no control over the rest of the chain. For signing, nothing. The S/MIME list debated having posts to the list signed, and decided against it: If I know you, I can recognise a message from you whether it's signed or not. Signing has a limited application - I wouldn't use it routinely other than to establish an association (key--poster) early in a conversation, and then omit it except for things whose source *I* would want verified if I was receiving it. It is unusual for me to use a sig outside of encrypt+sign. If I don't know you, whether it's signed or not is irrelevant. Depends on the definition of know. If a poster had a regular habit of posting at least one signed message every week, and had never protested that the sigs were faked, then you could assume that the poster whose sig just cleared is the same as the poster who has been posting for that time period - mapping that to any real-world individual is more problematic, but mostly you don't need to. There are plenty of people I only know online from email exchanges, and in some cases am not even sure what sex they are :)
Re: why bother signing? (was Re: What email encryption is actually in use?)
There have been episodes of spoofing on this list. If client side encryption just worked, and if what is considerably more difficult, checking the signatures just worked, there would be no bother, hence it would be rational to sign Not just work but opt out is what you are looking for. If there are n posters to the list and m people signing, then their are only n-m spoof targets. As m approaches n, the number of forgeries rapidly approaches zero as there is no one left worth spoofing who can be spoofed. But as each individuals chance of being spoofed approaches zero, the benefit gained by signing also approaches zero. Consequently unless there are additional costs to non-signing above and beyond spoof protection there will always be a substantial number of unsigned messages. -- Julian Assange|If you want to build a ship, don't drum up people |together to collect wood or assign them tasks and [EMAIL PROTECTED] |work, but rather teach them to long for the endless [EMAIL PROTECTED] |immensity of the sea. -- Antoine de Saint Exupery
Re: why bother signing? (was Re: What email encryption is actually in use?)
There have been episodes of spoofing on this list. If client side encryption just worked, and if what is considerably more difficult, checking the signatures just worked, there would be no bother, hence it would be rational to sign Not just work but opt out is what you are looking for. If there are n posters to the list and m people signing, then their are only n-m spoof targets. As m approaches n, the number of forgeries rapidly approaches zero as there is no one left worth spoofing who can be spoofed. But as each individuals chance of being spoofed approaches zero, the benefit gained by signing also approaches zero. Consequently unless there are additional costs to non-signing above and beyond spoof protection there will always be a substantial number of unsigned messages. -- Julian Assange|If you want to build a ship, don't drum up people |together to collect wood or assign them tasks and [EMAIL PROTECTED] |work, but rather teach them to long for the endless [EMAIL PROTECTED] |immensity of the sea. -- Antoine de Saint Exupery
Re: why bother signing? (was Re: What email encryption is actually in use?)
Ben Laurie wrote: On Fri, Oct 04, 2002 at 01:07:50PM -0700, Major Variola (ret) wrote: At 04:45 PM 10/3/02 -0700, James A. Donald wrote: -- James A. Donald wrote: If we had client side encryption that just works we would be seeing a few more signed messages on this list, Ben Laurie wrote: Why would I want to sign a message to this list? Then all the people who read this list, were they to receive a communication from you, they would know it was the same Ben Laurie who posts to this list. But Ben is not spoofed here! He is now. Cheers, Ben. I will confirm this as a (detectable) spoof :-) Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
why bother signing? (was Re: What email encryption is actually in use?)
At 04:45 PM 10/3/02 -0700, James A. Donald wrote: -- James A. Donald wrote: If we had client side encryption that just works we would be seeing a few more signed messages on this list, Ben Laurie wrote: Why would I want to sign a message to this list? Then all the people who read this list, were they to receive a communication from you, they would know it was the same Ben Laurie who posts to this list. But Ben is not spoofed here! So there is little motivation. In an environment where spoofing was common, folks would sign (which is not incompatible with retaining anonymity, of course). You could also sign anonymous statements here which you might decide to bind to one of your identities later. In the absence of any need, its not rational to bother.
Re: why bother signing? (was Re: What email encryption is actually in use?)
On Fri, Oct 04, 2002 at 01:07:50PM -0700, Major Variola (ret) wrote: At 04:45 PM 10/3/02 -0700, James A. Donald wrote: -- James A. Donald wrote: If we had client side encryption that just works we would be seeing a few more signed messages on this list, Ben Laurie wrote: Why would I want to sign a message to this list? Then all the people who read this list, were they to receive a communication from you, they would know it was the same Ben Laurie who posts to this list. But Ben is not spoofed here! He is now. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: why bother signing? (was Re: What email encryption is actually in use?)
James A. Donald: If we had client side encryption that just works we would be seeing a few more signed messages on this list, Major Variola (ret): But Ben is not spoofed here! So there is little motivation. [...] In the absence of any need, its not rational to bother. There have been episodes of spoofing on this list. If client side encryption just worked, and if what is considerably more difficult, checking the signatures just worked, there would be no bother, hence it would be rational to sign --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG j35pZ93cRp46pIhaD4AQ0X3neQjPEV2l9JrKJ2L2 4Eto77muLU+n+EF8nNrcbcSAMw1Vtdttyl1600R9x
Re: What email encryption is actually in use?
Adam Shostack wrote: Whats wrong with PGP sigs is that going on 9 full years after I generated my first pgp key, my mom still can't use the stuff. Mozilla+enigmail+gpg. It just works. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: What email encryption is actually in use?
-- James A. Donald wrote: If we had client side encryption that just works we would be seeing a few more signed messages on this list, and those that appear, would actually be checked. Send an unnecessarily encrypted message to Tim and he will probably threaten to shoot you. Ben Laurie wrote: Why would I want to sign a message to this list? Then all the people who read this list, were they to receive a communication from you, they would know it was the same Ben Laurie who posts to this list. Of course, if you were in the habit of posting suggestions to this list that you break the law, this might be a bad idea, but to the best of my recollection, you do not. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG camCoW1VxLtKI1Q8U87Pid9dPFLuYKXqZMqDPd6y 4BIPT6xmk2CLc9m90mQsQOrs/2issShK6u9NJ42zf
Re: What email encryption is actually in use?
-- Adam Shostack wrote: Whats wrong with PGP sigs is that going on 9 full years after I generated my first pgp key, my mom still can't use the stuff. On 3 Oct 2002 at 17:33, Ben Laurie wrote: Mozilla+enigmail+gpg. It just works. If we had client side encryption that just works we would be seeing a few more signed messages on this list, and those that appear, would actually be checked. Send an unnecessarily encrypted message to Tim and he wil probably threaten to shoot you. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 2Xas831JtcVC2arD+2zXouy3o82ZsDYT6VWbi0g 4LoqK+b3poXgDltScDKS3wl1UILcpvnNaumqELJhn
Re: What email encryption is actually in use?
On Thu, Oct 03, 2002 at 11:15:02AM -0700, James A. Donald wrote: On 3 Oct 2002 at 17:33, Ben Laurie wrote: Mozilla+enigmail+gpg. It just works. If we had client side encryption that just works we would be seeing a few more signed messages on this list, and those that appear, would actually be checked. Send an unnecessarily encrypted message to Tim and he wil probably threaten to shoot you. I always sign my messages, but the listserv software deletes the attached signature. Go figure. :) -- guru, n: A computer owner who can read the manual. [demime 0.97c removed an attachment of type application/pgp-signature]
Re: What email encryption is actually in use?
James A. Donald wrote: -- Adam Shostack wrote: Whats wrong with PGP sigs is that going on 9 full years after I generated my first pgp key, my mom still can't use the stuff. On 3 Oct 2002 at 17:33, Ben Laurie wrote: Mozilla+enigmail+gpg. It just works. If we had client side encryption that just works we would be seeing a few more signed messages on this list, and those that appear, would actually be checked. Send an unnecessarily encrypted message to Tim and he wil probably threaten to shoot you. Why would I want to sign a message to this list? Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: What email encryption is actually in use?
Adam Shostack wrote: Whats wrong with PGP sigs is that going on 9 full years after I generated my first pgp key, my mom still can't use the stuff. Mozilla+enigmail+gpg. It just works. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: What email encryption is actually in use?
-- Adam Shostack wrote: Whats wrong with PGP sigs is that going on 9 full years after I generated my first pgp key, my mom still can't use the stuff. On 3 Oct 2002 at 17:33, Ben Laurie wrote: Mozilla+enigmail+gpg. It just works. If we had client side encryption that just works we would be seeing a few more signed messages on this list, and those that appear, would actually be checked. Send an unnecessarily encrypted message to Tim and he wil probably threaten to shoot you. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 2Xas831JtcVC2arD+2zXouy3o82ZsDYT6VWbi0g 4LoqK+b3poXgDltScDKS3wl1UILcpvnNaumqELJhn
Re: What email encryption is actually in use?
On Thu, Oct 03, 2002 at 11:15:02AM -0700, James A. Donald wrote: On 3 Oct 2002 at 17:33, Ben Laurie wrote: Mozilla+enigmail+gpg. It just works. If we had client side encryption that just works we would be seeing a few more signed messages on this list, and those that appear, would actually be checked. Send an unnecessarily encrypted message to Tim and he wil probably threaten to shoot you. I always sign my messages, but the listserv software deletes the attached signature. Go figure. :) -- guru, n: A computer owner who can read the manual. [demime 0.97c removed an attachment of type application/pgp-signature]
Re: What email encryption is actually in use?
James A. Donald wrote: -- Adam Shostack wrote: Whats wrong with PGP sigs is that going on 9 full years after I generated my first pgp key, my mom still can't use the stuff. On 3 Oct 2002 at 17:33, Ben Laurie wrote: Mozilla+enigmail+gpg. It just works. If we had client side encryption that just works we would be seeing a few more signed messages on this list, and those that appear, would actually be checked. Send an unnecessarily encrypted message to Tim and he wil probably threaten to shoot you. Why would I want to sign a message to this list? Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: What email encryption is actually in use?
-- James A. Donald wrote: If we had client side encryption that just works we would be seeing a few more signed messages on this list, and those that appear, would actually be checked. Send an unnecessarily encrypted message to Tim and he will probably threaten to shoot you. Ben Laurie wrote: Why would I want to sign a message to this list? Then all the people who read this list, were they to receive a communication from you, they would know it was the same Ben Laurie who posts to this list. Of course, if you were in the habit of posting suggestions to this list that you break the law, this might be a bad idea, but to the best of my recollection, you do not. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG camCoW1VxLtKI1Q8U87Pid9dPFLuYKXqZMqDPd6y 4BIPT6xmk2CLc9m90mQsQOrs/2issShK6u9NJ42zf
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- at Tuesday, October 01, 2002 9:04 PM, Petro [EMAIL PROTECTED] was seen to say: Well, it's a start. Every mail server (except mx1 and mx2.prserv.net) should use TLS. Its nice in theory, but in practice look how long it takes the bulk of the internet to install urgent patches - how long is it going to take to get people to install an upgrade to privacy that actually causes more problems for them? Besides the core here is that 1) everyone with a server enroute can read the mail 2) you are relying on every other link in the chain to protect your privacy clientside crypto fixes both these problems, reduces the total crypto load on the chain (encryption/decryption is only ever done once) and allows use of digital signatures. Once you start using it, it becomes part of hte pattern by wich other people identify you. Exactly the intention, yes :) Just for the sake of it (anyone who cares will have seen my signature enough times by now) I will sign this one :) -BEGIN PGP SIGNATURE- Version: PGP - Cyber-Knights Templar iQIVAwUBPZrB22DKt9Hjj5SVAQF3eBAAh8RK5LgLIPv8JhBwX6kdj2x0c6NsrtdA xiH45Zb+bCNO07ac07n+qyKRZ5UiTGjekjQXjnSOczDFUgCyUymexqif7SnDZ04P S/55rQ31wfUWNRVrO/ULjdq4TVYHMsAUFKhrYgwvYyqJNOg2C+sBwgNsLM3gedm2 R0KRY6pO/wqpVsvki3c27h7wszfvCkmsRrqtuKTwktm23XdbmAs+21YWbThbqc3Y r1gtmH8QrJuUzhPXfE/L104reFo5yi2BMuY/ac1G7uXNc+6yAhy61q4z0v17OMcS glEASE0AO+XrtYFfq/3VXk1SN5S3x44GazHvKo9NgqpJn8pvoNq9TsXhXIa9c1/u hchVahwsuZ6rooMxur8ekLP86zTn8mfI+lFKd1n+LuFzcVbzezzKRH3PM+TjDMTF p0TzHsrDOeUkrYJ2ImznpJ1019oDPBVvDCwRyCqOeLZ9MvARTXLtO9gwjt1NAh2E h7WBYhQyMdlKeUMh6mUwIG7DOoitOnf/mQkmQWybPK7NT2tOhx9uHEWE92iWUxc+ AQF4UywdSvFpTskVBkQIQESsYWGs92A350zEapogB2+cDJxytqtRDN2mLGG6tPPt u+60lj65OQUdc0D91e2W3yif9mF7ul3aztt2Ca5qziyMRVwnoceSwbejDyr1fZLO 8MgGBffIDis= =jz44 -END PGP SIGNATURE- resent - with broken line wrap fixed. damned lousy MS email client :) Next time I *check* first before sending and don't look so clueless in a worldwide list :)
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill Stewart wrote: | | If your organization is an ISP, the risks are letting them | handle your email at all (especially with currently proposed | mandatory eavesdropping laws), and STARTTLS provides a | mechanism for direct delivery that isn't as likely to be blocked | by anti-spamming restrictions on port 25. | Now to get some email *clients* using it. | BTW, most and probably all of the major mail clients out there will do STARTTLS *for SMTP*. It's a matter of servers offering it and clients being configured to actually use it. It'd be nice if they always used it if it's available, but right now I think they all require being told to. Specifically, Mozilla, Outlook, Outlook Express, Netscape (all the way back to 4.7x at least), Evolution, and Eudora all support STARTTLS (again, for SMTP). I imagine there are others that do as well. Amusingly, virtually none of them support STARTLS on any other protocol. :) IMAP and POP are almost all supported only on dedicated SSL ports (IMAPS, POP3S). Argh. Regards, Jeremey. - -- Jeremey Barrett [[EMAIL PROTECTED]]Key: http://rot26.com/gpg.asc GnuPG fingerprint: 716E C811 C6D9 2B31 685D 008F F715 EB88 52F6 3860 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9mwrg9xXriFL2OGARAo/oAJ0QnWSlj22d3jvdyw8wtfVXIGkjFACeOuXr fZjD8Wo2H/AWkM1saPxNNOY= =g5QQ -END PGP SIGNATURE-
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Udhay Shankar N wrote: | At 10:04 AM 10/2/02 -0500, Jeremey Barrett wrote: | | Amusingly, virtually none of them support STARTLS on any other protocol. | :) IMAP and POP are almost all supported only on dedicated SSL ports | (IMAPS, POP3S). Argh. | | I use Eudora, as I'm very comfortable with it (so comfortable, in fact, | that it's my primary reason for booting Windows at all.) | | The version I use, 5.1, *does* support STARTTLS for POP over both the | regular port 110 as well as alternate ports, as well as user-defined | ports. It needs some tweaking, but the capability exists. | | I don't know about IMAP, as I don't use IMAP to get my mail. | Yes, Eudora is the exception. It supports both STARTTLS and dedicated SSL ports for all mail protocols (it even does SMTPS I think). Jeremey. - -- Jeremey Barrett [[EMAIL PROTECTED]]Key: http://rot26.com/gpg.asc GnuPG fingerprint: 716E C811 C6D9 2B31 685D 008F F715 EB88 52F6 3860 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9mxbK9xXriFL2OGARAsrqAKCeoCG1YA07tRdU8pEi8Rci6SWaKACgtWBv nobLVt5wGMgvwNOT5wTYzLI= =k+kp -END PGP SIGNATURE-
Re: What email encryption is actually in use?
--On Wednesday, 02 October, 2002 10:54 -0500 Jeremey Barrett [EMAIL PROTECTED] wrote: Udhay Shankar N wrote: | At 10:04 AM 10/2/02 -0500, Jeremey Barrett wrote: | | Amusingly, virtually none of them support STARTLS on any other protocol. | :) IMAP and POP are almost all supported only on dedicated SSL ports | (IMAPS, POP3S). Argh. | | I use Eudora, as I'm very comfortable with it (so comfortable, in fact, | that it's my primary reason for booting Windows at all.) | | The version I use, 5.1, *does* support STARTTLS for POP over both the | regular port 110 as well as alternate ports, as well as user-defined | ports. It needs some tweaking, but the capability exists. | | I don't know about IMAP, as I don't use IMAP to get my mail. | Yes, Eudora is the exception. It supports both STARTTLS and dedicated SSL ports for all mail protocols (it even does SMTPS I think). it isn't the only exception: i use mulberry with IMAP, and it supports STARTTLS for both IMAP and SMTP over the normal ports; haven't tried POP3, although it looks like it should work. and this seems to work for mulberry on linux, macs and windows. -paul
Re: What email encryption is actually in use?
Lucky Green wrote: I also agree that current MTAs' implementations of STARTTLS are only a first step. At least in postfix, the only MTA with which I am sufficiently familiar to form an opinion, it appears impossible to require that certs presented by trusted parties match a particular hash while certs presented by untrusted MTAs can present any certificate they desire to achieve EDH-level security. This is probably a stupid question, but... why would you want to do this? Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: What email encryption is actually in use?
-- Once you start using it, it becomes part of hte pattern by wich other people identify you. On 2 Oct 2002 at 9:52, David Howe wrote: Exactly the intention, yes :) Just for the sake of it (anyone who cares will have seen my signature enough times by now) I will sign this one :) And PGP tells me signature not checked, key does not meet validity threshold So I said to myself, OK, I will sign David Howe's key on my keyring to tell myself that this is the David Howe who posts on cypherpunks, though of course, pgp gives us merely a single variable trust, which can have no easy connection to the question what do you actually know about this particular David Howe?. (What we really would like is a database of communications indexed by key, so that we could see this communication in the context of past communications with the David Howe that used the same key.) I attempt to sign David Howes key, whereupon PGP gives the highly uninformative error message: Key signature error. It seems that I get similarly uninformative errors whenever I tried to use PGP. And that folks, is at least one of the reasons why end user crypto is not widespread. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 3XIIjDu4swm4B8omsJgkQJcu1Op4/sNb2XkGf18B 4F9ZT3OQag+pZrW134bJdhLT3EeX1wOFqJzi1WJQ5
Re: What email encryption is actually in use?
On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote: | Lucky Green wrote: | I also agree that current MTAs' implementations of STARTTLS are only a | first step. At least in postfix, the only MTA with which I am | sufficiently familiar to form an opinion, it appears impossible to | require that certs presented by trusted parties match a particular hash | while certs presented by untrusted MTAs can present any certificate they | desire to achieve EDH-level security. | | This is probably a stupid question, but... why would you want to do this? So that your regular correspondants are authenticated, while anyone else is opportunisticly encrypted. Adam -- It is seldom that liberty of any kind is lost all at once. -Hume
Re: What email encryption is actually in use?
James A. Donald wrote: And PGP tells me signature not checked, key does not meet validity threshold what version are you on? ckt never does that - it checks it, and marks the sig status as good or bad - but obviously marks the key status as invalid (due to lack of signing) on anyone I don't trust enough to sign :) oh - and some versions of pgp have trouble with that particular key - its a 4K RSA that V5.x would accept, but V6.x wouldn't Try 6.5.8 CKT instead :)
Re: What email encryption is actually in use?
Adam Shostack wrote: On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote: | Lucky Green wrote: | I also agree that current MTAs' implementations of STARTTLS are only a | first step. At least in postfix, the only MTA with which I am | sufficiently familiar to form an opinion, it appears impossible to | require that certs presented by trusted parties match a particular hash | while certs presented by untrusted MTAs can present any certificate they | desire to achieve EDH-level security. | | This is probably a stupid question, but... why would you want to do this? So that your regular correspondants are authenticated, while anyone else is opportunisticly encrypted. ??? How does checking their MTA's cert authenticate them? What's wrong with PGP sigs? Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: What email encryption is actually in use?
On Wed, Oct 02, 2002 at 09:12:47PM +0100, Ben Laurie wrote: | Adam Shostack wrote: | On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote: | | Lucky Green wrote: | | I also agree that current MTAs' implementations of STARTTLS are only a | | first step. At least in postfix, the only MTA with which I am | | sufficiently familiar to form an opinion, it appears impossible to | | require that certs presented by trusted parties match a particular hash | | while certs presented by untrusted MTAs can present any certificate they | | desire to achieve EDH-level security. | | | | This is probably a stupid question, but... why would you want to do this? | | So that your regular correspondants are authenticated, while anyone | else is opportunisticly encrypted. | | ??? How does checking their MTA's cert authenticate them? What's wrong | with PGP sigs? Consistency with last time. Whats wrong with PGP sigs is that going on 9 full years after I generated my first pgp key, my mom still can't use the stuff. Sure, you and I can use PGP, but by and large, people don't bother. So lets look at a technology that's getting accepted, and improve it slowly. Adam -- It is seldom that liberty of any kind is lost all at once. -Hume
RE: What email encryption is actually in use?
Ben wrote: Lucky Green wrote: I also agree that current MTAs' implementations of STARTTLS are only a first step. At least in postfix, the only MTA with which I am sufficiently familiar to form an opinion, it appears impossible to require that certs presented by trusted parties match a particular hash while certs presented by untrusted MTAs can present any certificate they desire to achieve EDH-level security. This is probably a stupid question, but... why would you want to do this? To protect against MIM attacks on the encrypted tunnel between the trust domains represented by my friend's MTA and my MTA. --Lucky Green
Re: What email encryption is actually in use?
David Howe [EMAIL PROTECTED] writes: at Wednesday, October 02, 2002 3:13 AM, Peter Gutmann [EMAIL PROTECTED] was seen to say: As opposed to more conventional encryption, where you're protecting nothing at any point along the chain, because 99.99% of the user base can't/won't use it. That is a different problem. if you assume that relying on every hop between you and your correspondent to be protected by TLS Doing a quick check of all of today's mail, there's only a single hop on the WAN. This is a non-issue. *and* the owner of that server to be trustworthy (not only in the normal sense, but resistant to legal pressure, warrants from LEAs and financial incentives from your competitors) If the Uni sysadmins want to read mail sent from Uni machines, they'll get it with or without me using encryption, and it'd be the same for most (all?) corporates. This is a non-issue. then you are in for a rude awakening at some point. I know exactly what I'm getting from STARTTLS, which is adequate security most of the time, automatically, with no extra effort. If I want real security, I'll send it from a home machine in a lead-lined room while wearing a tinfoil hat, while worrying whether the use of an encrypted message in this manner will attract undue suspicion. Luckily I don't need real security most of the time, just protection from fishing expeditions and general snooping, which STARTTLS gives me. Peter.
Re: What email encryption is actually in use?
At 09:05 AM 10/01/2002 -0700, Major Variola (ret) wrote: So yes Alice at ABC.COM sends mail to Bob at XYZ.COM and the SMTP link is encrypted, so the bored upstream-ISP netops can't learn anything besides traffic analysis. But once inside XYZ.COM, many unauthorized folks could intercept Bob's email. Access Control is sorely lacking folks. I'm running Win2000 in You're Not The Administrator mode. Since somebody else is root and I'm not, the fact that my network admins could eavesdrop on my link traffic isn't a big deal, especially when they set up my PC's software. And if I do pretend to trust my machine against some insiders, I can use SSH, SSL, and PGP to reduce risks from others... Also, STARTTLS can reduce eavesdropping at Alice's ABC.COM. If your organization is an ISP, the risks are letting them handle your email at all (especially with currently proposed mandatory eavesdropping laws), and STARTTLS provides a mechanism for direct delivery that isn't as likely to be blocked by anti-spamming restrictions on port 25. Now to get some email *clients* using it. On the other hand, if your recipient is at a big corporation, they're highly likely to be using a big shared MS Exchange server, or some standards-based equivalent, so the game's over on that end before you even start. Take the STARTTLS and run with it... Link encryption is a good idea, but rarely sufficient. Defense in depth is important for real security. STARTTLS can be a link-encryption solution, but it can also be part of a layered solution, and if you don't bother with end-to-end, it's a really good start, and isolates your risks. It also offers you some possibility of doing certificate management to reduce the risk of man-in-the-middle attacks from outside your organization, and does reduce some traffic analysis. at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann [EMAIL PROTECTED] was seen to say: For encryption, STARTTLS, which protects more mail than all other email encryption technology combined. If your goal is to encrypt 20% of the net by Christmas, STARTTLS will get a lot closer to that than a perfect system. Similarly, IPSEC using the shared key open secret would have been a much-faster-deployed form of opportunistic encryption than the FreeSWAN project's more complex form that wants some control over DNS that most users don't have. In the absence of a real Public Key Infrastructure, neither is totally man-in-the-middle-proof, so if the Feds are targeting *you* it's clearly not enough, but reducing mass-quantity fishing expeditions increases our security and reduces the Echelon potential - especially if 90% of the encrypted material is routine corporate email, mailing lists, Usenet drivel, etc. At 01:20 PM 10/1/02 +0100, David Howe wrote: I would dispute that - not that it isn't used and useful, but unless you are handing off directly to the home machine of the end user (or his direct spool) odds are good that the packet will be sent unencrypted somewhere along its journey. with TLS you are basically protecting a single link of a transmission chain, with no control over the rest of the chain. You can protect most of the path if your firewalls don't interfere, and more if your recipients' don't.
Re: What email encryption is actually in use?
at Tuesday, October 01, 2002 6:10 PM, James A. Donald [EMAIL PROTECTED] was seen to say: Not so. It turns out the command line is now different in PGP 6.5.8. It is now pgp -sta to clearsign, instead of pgp -sa. (Needless to say the t option does not appear in pgp -h *nods* its in the 6.5 Command Line Guide, but as identifies the input file as a text file The CLG is the best reference for this though - as it explictly lists sta as the correct option in section Ch2Common PGP FunctionsSigning MessagesSign a plaintext ASCII file. I could email you a copy of the PDF of that (its about 500K) if you wish. The clearsigning now seems to work a lot better than I recall the clearsigning working in pgp 2.6.2. They now do some canonicalization, or perhaps they guess lots of variants until one checks out. its canonicalization - again according to the CLG (CH3Sending ASCII text files to different machine environments) Perhaps they hid the clear signing because it used not to work, but having fixed it they failed to unhide it? its just an evolution. IIRC the command line tool was based at least partially on the unix version of pgp, which always had different command line switches. It would be nice if behaviour was more backwards compatable, but they *did* document it in the official M that you should RTF :)
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- at Tuesday, October 01, 2002 9:04 PM, Petro [EMAIL PROTECTED] was seen to say: Well, it's a start. Every mail server (except mx1 and mx2.prserv.net) should use TLS. Its nice in theory, but in practice look how long it takes the bulk of the internet to install urgent patches - how long is it going to take to get people to install an upgrade to privacy that actually causes more problems for them? Besides the core here is that 1) everyone with a server enroute can read the mail 2) you are relying on every other link in the chain to protect your privacy clientside crypto fixes both these problems, reduces the total crypto load on the chain (encryption/decryption is only ever done once) and allows use of digital signatures. Once you start using it, it becomes part of hte pattern by wich other people identify you. Exactly the intention, yes :) Just for the sake of it (anyone who cares will have seen my signature enough times by now) I will sign this one :) -BEGIN PGP SIGNATURE- Version: PGP - Cyber-Knights Templar iQIVAwUBPZqzpWDKt9Hjj5SVAQFlwA//cQYGFRb3sJEM695lWJ+rUhymcS5lTSEV vG3eRUvxpbhLcAS+QsdMXX3pDlu60UzOhxubpQch9E59yE/+uaeU+5AzkfDQjc2q jQ8SppCqf56+uevoZlH1RiKkBT6Hx7ctPimEIlq3FXWsaqA3ocPVghZwFhMaxA1G twCtBxR7Q3y6VePzCzeealx7TDgcoS7hoBKNTsueAIWd/9xB9JYjFvS8OecOMdZG B+yvSLHZn1YJG62JfZ8EWXr1xKh5BZxdRVxLVzhaumtyAFr2hCDQffDiz5UtyGSa JdMoJAzmZZZ5EvcHc0rMDVs5BiDr5/EaSU+xecPz/YxY4BWxGFprqsRi7IapTkb1 26zgJQ4miGylFlmZM30cxKYudi5PdSJ4VUWpuoHRg9clZlH9KzC7f0suYAnACDXC bzr5Fgp3+bvRnziMD65NT4G1hxA5pYPl+4IudVSKcaMsHLWSTE8Lnf0US283MdeR VXKbINvyEr0p0zrl7lVmHZbmuLjdUHrgAoyQEKcaMelE+Q8suXynDYtSV7LCfdAE CjKBz2RxAiNhi1vAq6NuFOMx+R9c23Sxg2uUUbpYeRbl5fPbjamDzIhK2ccNNmpU euuWj3O9e6YMtW0KPezYbJ/9fMMkOAv3KnfdeAgcjSnipMqVvqgJ4sWil3gfUADY X0TKznTghWs= =3uOF -END PGP SIGNATURE-
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- at Tuesday, October 01, 2002 9:04 PM, Petro [EMAIL PROTECTED] was seen to say: Well, it's a start. Every mail server (except mx1 and mx2.prserv.net) should use TLS. Its nice in theory, but in practice look how long it takes the bulk of the internet to install urgent patches - how long is it going to take to get people to install an upgrade to privacy that actually causes more problems for them? Besides the core here is that 1) everyone with a server enroute can read the mail 2) you are relying on every other link in the chain to protect your privacy clientside crypto fixes both these problems, reduces the total crypto load on the chain (encryption/decryption is only ever done once) and allows use of digital signatures. Once you start using it, it becomes part of hte pattern by wich other people identify you. Exactly the intention, yes :) Just for the sake of it (anyone who cares will have seen my signature enough times by now) I will sign this one :) -BEGIN PGP SIGNATURE- Version: PGP - Cyber-Knights Templar iQIVAwUBPZrB22DKt9Hjj5SVAQF3eBAAh8RK5LgLIPv8JhBwX6kdj2x0c6NsrtdA xiH45Zb+bCNO07ac07n+qyKRZ5UiTGjekjQXjnSOczDFUgCyUymexqif7SnDZ04P S/55rQ31wfUWNRVrO/ULjdq4TVYHMsAUFKhrYgwvYyqJNOg2C+sBwgNsLM3gedm2 R0KRY6pO/wqpVsvki3c27h7wszfvCkmsRrqtuKTwktm23XdbmAs+21YWbThbqc3Y r1gtmH8QrJuUzhPXfE/L104reFo5yi2BMuY/ac1G7uXNc+6yAhy61q4z0v17OMcS glEASE0AO+XrtYFfq/3VXk1SN5S3x44GazHvKo9NgqpJn8pvoNq9TsXhXIa9c1/u hchVahwsuZ6rooMxur8ekLP86zTn8mfI+lFKd1n+LuFzcVbzezzKRH3PM+TjDMTF p0TzHsrDOeUkrYJ2ImznpJ1019oDPBVvDCwRyCqOeLZ9MvARTXLtO9gwjt1NAh2E h7WBYhQyMdlKeUMh6mUwIG7DOoitOnf/mQkmQWybPK7NT2tOhx9uHEWE92iWUxc+ AQF4UywdSvFpTskVBkQIQESsYWGs92A350zEapogB2+cDJxytqtRDN2mLGG6tPPt u+60lj65OQUdc0D91e2W3yif9mF7ul3aztt2Ca5qziyMRVwnoceSwbejDyr1fZLO 8MgGBffIDis= =jz44 -END PGP SIGNATURE- resent - with broken line wrap fixed. damned lousy MS email client :) Next time I *check* first before sending and don't look so clueless in a worldwide list :)
RE: What email encryption is actually in use?
I've always been intrigued by the volume of reports which indicate that when hackers or other outlaws raid a corporate site, the first thing they do is scan the stored email files of company executives. Funny, with all the attention focused pushing the user to encrypt email for transmission, no one ever suggests that Admins should/could store all email on the local mail server in an encrypted format. Am I wrong, does some mail server do this? If not, anyone got any suggestions for an efficient design? Surete, _Vin At 10/2/02, Lucky Green wrote: Peter wrote [about the benefits of STARTTLS]: As opposed to more conventional encryption, where you're protecting nothing at any point along the chain, because 99.99% of the user base can't/won't use it. In any case most email is point-to-point, which means you are protecting the entire chain (that is, if I send you mail it may go through a few internal machines here or there, but once it hits the WAN it's straight from my gateway to yours). I must concur with Peter. The overwhelming majority of email recipients with whom I routinely exchange PGP encrypted email operates their own MTAs, located within their trust boundaries. Which should come as no surprise, since those with whom I discuss topics requiring secure communications tend to be conscious of security and thus like to be able to control the properties of their MTA and other network services. I also agree that current MTAs' implementations of STARTTLS are only a first step. At least in postfix, the only MTA with which I am sufficiently familiar to form an opinion, it appears impossible to require that certs presented by trusted parties match a particular hash while certs presented by untrusted MTAs can present any certificate they desire to achieve EDH-level security. I am aware that the certs presented by trusted parties could of course all be signed by the same CA, but this is an unworkable model in personal communications. What is required in practice is a list of trusted MTAs with corresponding hashes implemented at the MTA level. --Lucky Green
Re: What email encryption is actually in use?
at Wednesday, October 02, 2002 3:13 AM, Peter Gutmann [EMAIL PROTECTED] was seen to say: As opposed to more conventional encryption, where you're protecting nothing at any point along the chain, because 99.99% of the user base can't/won't use it. That is a different problem. if you assume that relying on every hop between you and your correspondent to be protected by TLS *and* the owner of that server to be trustworthy (not only in the normal sense, but resistant to legal pressure, warrants from LEAs and financial incentives from your competitors) then you are in for a rude awakening at some point. S/Mime isn't wonderful, but it is built-in to the M$oft email packages and you can trivially generate a key *for* your correspondents to be delivered to them out-of-band. installing is double-clicking a file, and decryption automatic. More security aware users will obviously want their own, a key from a recognised CA or prefer pgp, but that is upgrades to the basic security you can provide by five minutes work with a copy of OpenSSL. In any case most email is point-to-point, which means you are protecting the entire chain (that is, if I send you mail it may go through a few internal machines here or there, but once it hits the WAN it's straight from my gateway to yours). Depends on the setup. Few home users can afford always-up connections, and most dialup ranges are blocked from direct delivery anyhow. the typical chain goes Sender--Sender's ISP--Recipient's ISP--Mailspool--Recipient for a corporate user, a typical chain might go Sender--sender's internal email system--sender's outbound gateway--recipient's firewall--recipients inbound gateway--recipient's email system--recipient assuming *everyone* at both companies is trustworthy (or IT is on the ball and preventing sniffers from running on their lans; I will pause while everyone laughs and then drafts replies pointing out that is impossible) then you can get away with TLS-protecting just the link gateway--firewall. Yes, crypto should be transparent and enabled *by default* in those M$ corporate products; no, the US government wasn't (and still isn't even under the more relaxed regime) willing to wear on-by-default unbreakable, easy crypto in mass-market products.
Re: What email encryption is actually in use?
Lucky Green wrote: I also agree that current MTAs' implementations of STARTTLS are only a first step. At least in postfix, the only MTA with which I am sufficiently familiar to form an opinion, it appears impossible to require that certs presented by trusted parties match a particular hash while certs presented by untrusted MTAs can present any certificate they desire to achieve EDH-level security. This is probably a stupid question, but... why would you want to do this? Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: What email encryption is actually in use?
-- Once you start using it, it becomes part of hte pattern by wich other people identify you. On 2 Oct 2002 at 9:52, David Howe wrote: Exactly the intention, yes :) Just for the sake of it (anyone who cares will have seen my signature enough times by now) I will sign this one :) And PGP tells me signature not checked, key does not meet validity threshold So I said to myself, OK, I will sign David Howe's key on my keyring to tell myself that this is the David Howe who posts on cypherpunks, though of course, pgp gives us merely a single variable trust, which can have no easy connection to the question what do you actually know about this particular David Howe?. (What we really would like is a database of communications indexed by key, so that we could see this communication in the context of past communications with the David Howe that used the same key.) I attempt to sign David Howes key, whereupon PGP gives the highly uninformative error message: Key signature error. It seems that I get similarly uninformative errors whenever I tried to use PGP. And that folks, is at least one of the reasons why end user crypto is not widespread. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 3XIIjDu4swm4B8omsJgkQJcu1Op4/sNb2XkGf18B 4F9ZT3OQag+pZrW134bJdhLT3EeX1wOFqJzi1WJQ5
Re: What email encryption is actually in use?
On Wed, Oct 02, 2002 at 09:12:47PM +0100, Ben Laurie wrote: | Adam Shostack wrote: | On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote: | | Lucky Green wrote: | | I also agree that current MTAs' implementations of STARTTLS are only a | | first step. At least in postfix, the only MTA with which I am | | sufficiently familiar to form an opinion, it appears impossible to | | require that certs presented by trusted parties match a particular hash | | while certs presented by untrusted MTAs can present any certificate they | | desire to achieve EDH-level security. | | | | This is probably a stupid question, but... why would you want to do this? | | So that your regular correspondants are authenticated, while anyone | else is opportunisticly encrypted. | | ??? How does checking their MTA's cert authenticate them? What's wrong | with PGP sigs? Consistency with last time. Whats wrong with PGP sigs is that going on 9 full years after I generated my first pgp key, my mom still can't use the stuff. Sure, you and I can use PGP, but by and large, people don't bother. So lets look at a technology that's getting accepted, and improve it slowly. Adam -- It is seldom that liberty of any kind is lost all at once. -Hume
Re: What email encryption is actually in use?
Adam Shostack wrote: On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote: | Lucky Green wrote: | I also agree that current MTAs' implementations of STARTTLS are only a | first step. At least in postfix, the only MTA with which I am | sufficiently familiar to form an opinion, it appears impossible to | require that certs presented by trusted parties match a particular hash | while certs presented by untrusted MTAs can present any certificate they | desire to achieve EDH-level security. | | This is probably a stupid question, but... why would you want to do this? So that your regular correspondants are authenticated, while anyone else is opportunisticly encrypted. ??? How does checking their MTA's cert authenticate them? What's wrong with PGP sigs? Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: What email encryption is actually in use?
On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote: | Lucky Green wrote: | I also agree that current MTAs' implementations of STARTTLS are only a | first step. At least in postfix, the only MTA with which I am | sufficiently familiar to form an opinion, it appears impossible to | require that certs presented by trusted parties match a particular hash | while certs presented by untrusted MTAs can present any certificate they | desire to achieve EDH-level security. | | This is probably a stupid question, but... why would you want to do this? So that your regular correspondants are authenticated, while anyone else is opportunisticly encrypted. Adam -- It is seldom that liberty of any kind is lost all at once. -Hume
Re: What email encryption is actually in use?
-- James A. Donald wrote: And PGP tells me signature not checked, key does not meet validity threshold On 2 Oct 2002 at 20:40, Dave Howe wrote: what version are you on? pgp 6.5.8 command line version. The actual problem was that there was no such key in my key ring, but error messages gave me no hint of that. So having determined the problem, I dutifully went to the key server, and encountered yet another stream of problems related to the keyserver and windows, that made it impossible to download the key, but that is another story. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG C+pOgajD+X0+ZJN6MxG/jTvWMW4WWcSPAO/u5ONp 41dEFaucvzVF+ulAPaijTMkhlW/C+virFHh06hHrM
Re: What email encryption is actually in use?
-- On 2 Oct 2002 at 16:19, Adam Shostack wrote: Whats wrong with PGP sigs is that going on 9 full years after I generated my first pgp key, my mom still can't use the stuff. The fact that your mum cannot use the stuff is only half the problem. I am a computer expert, a key administrator, someone who has been paid to write cryptographic code, and half the time I cannot use pgp. Of course, I have had real occasion to use this stuff so rarely that I suspect your mother would never use it no matter how user friendly. The lack of demand may have something to do with Hettinga's rant, that all cryptography is financial cryptography. As I am fond of pointing out, envelopes were first invented to contain records of goods and payments. People use encryption when money is at stake. If people start routinely making binding deals on the internet, they will soon routinely use encryption. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG Yek7NX953gkX+mwOcaRKW13pMWVzckXtQLHH7Oqt 45E6Pq+EKfccaEUOQLWtfPKtgE9yfk5u/o8MMv4HG
Re: What email encryption is actually in use?
On Wed, 2 Oct 2002, Ben Laurie wrote: Adam Shostack wrote: On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote: | Lucky Green wrote: | I also agree that current MTAs' implementations of STARTTLS are only a | first step. At least in postfix, the only MTA with which I am | sufficiently familiar to form an opinion, it appears impossible to | require that certs presented by trusted parties match a particular hash | while certs presented by untrusted MTAs can present any certificate they | desire to achieve EDH-level security. | | This is probably a stupid question, but... why would you want to do this? So that your regular correspondants are authenticated, while anyone else is opportunisticly encrypted. ??? How does checking their MTA's cert authenticate them? What's wrong with PGP sigs? PGP sigs authenticate the senders of the email. MTA certs authenticate the mail servers. This would be a useful feature with regard to the current anonymous remailer network, which relies on SMTP for message transfer, for instance.
Re: What email encryption is actually in use?
At 09:05 AM 10/01/2002 -0700, Major Variola (ret) wrote: So yes Alice at ABC.COM sends mail to Bob at XYZ.COM and the SMTP link is encrypted, so the bored upstream-ISP netops can't learn anything besides traffic analysis. But once inside XYZ.COM, many unauthorized folks could intercept Bob's email. Access Control is sorely lacking folks. I'm running Win2000 in You're Not The Administrator mode. Since somebody else is root and I'm not, the fact that my network admins could eavesdrop on my link traffic isn't a big deal, especially when they set up my PC's software. And if I do pretend to trust my machine against some insiders, I can use SSH, SSL, and PGP to reduce risks from others... Also, STARTTLS can reduce eavesdropping at Alice's ABC.COM. If your organization is an ISP, the risks are letting them handle your email at all (especially with currently proposed mandatory eavesdropping laws), and STARTTLS provides a mechanism for direct delivery that isn't as likely to be blocked by anti-spamming restrictions on port 25. Now to get some email *clients* using it. On the other hand, if your recipient is at a big corporation, they're highly likely to be using a big shared MS Exchange server, or some standards-based equivalent, so the game's over on that end before you even start. Take the STARTTLS and run with it... Link encryption is a good idea, but rarely sufficient. Defense in depth is important for real security. STARTTLS can be a link-encryption solution, but it can also be part of a layered solution, and if you don't bother with end-to-end, it's a really good start, and isolates your risks. It also offers you some possibility of doing certificate management to reduce the risk of man-in-the-middle attacks from outside your organization, and does reduce some traffic analysis. at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann [EMAIL PROTECTED] was seen to say: For encryption, STARTTLS, which protects more mail than all other email encryption technology combined. If your goal is to encrypt 20% of the net by Christmas, STARTTLS will get a lot closer to that than a perfect system. Similarly, IPSEC using the shared key open secret would have been a much-faster-deployed form of opportunistic encryption than the FreeSWAN project's more complex form that wants some control over DNS that most users don't have. In the absence of a real Public Key Infrastructure, neither is totally man-in-the-middle-proof, so if the Feds are targeting *you* it's clearly not enough, but reducing mass-quantity fishing expeditions increases our security and reduces the Echelon potential - especially if 90% of the encrypted material is routine corporate email, mailing lists, Usenet drivel, etc. At 01:20 PM 10/1/02 +0100, David Howe wrote: I would dispute that - not that it isn't used and useful, but unless you are handing off directly to the home machine of the end user (or his direct spool) odds are good that the packet will be sent unencrypted somewhere along its journey. with TLS you are basically protecting a single link of a transmission chain, with no control over the rest of the chain. You can protect most of the path if your firewalls don't interfere, and more if your recipients' don't.
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill Stewart wrote: | | If your organization is an ISP, the risks are letting them | handle your email at all (especially with currently proposed | mandatory eavesdropping laws), and STARTTLS provides a | mechanism for direct delivery that isn't as likely to be blocked | by anti-spamming restrictions on port 25. | Now to get some email *clients* using it. | BTW, most and probably all of the major mail clients out there will do STARTTLS *for SMTP*. It's a matter of servers offering it and clients being configured to actually use it. It'd be nice if they always used it if it's available, but right now I think they all require being told to. Specifically, Mozilla, Outlook, Outlook Express, Netscape (all the way back to 4.7x at least), Evolution, and Eudora all support STARTTLS (again, for SMTP). I imagine there are others that do as well. Amusingly, virtually none of them support STARTLS on any other protocol. :) IMAP and POP are almost all supported only on dedicated SSL ports (IMAPS, POP3S). Argh. Regards, Jeremey. - -- Jeremey Barrett [[EMAIL PROTECTED]]Key: http://rot26.com/gpg.asc GnuPG fingerprint: 716E C811 C6D9 2B31 685D 008F F715 EB88 52F6 3860 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9mwrg9xXriFL2OGARAo/oAJ0QnWSlj22d3jvdyw8wtfVXIGkjFACeOuXr fZjD8Wo2H/AWkM1saPxNNOY= =g5QQ -END PGP SIGNATURE-
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Udhay Shankar N wrote: | At 10:04 AM 10/2/02 -0500, Jeremey Barrett wrote: | | Amusingly, virtually none of them support STARTLS on any other protocol. | :) IMAP and POP are almost all supported only on dedicated SSL ports | (IMAPS, POP3S). Argh. | | I use Eudora, as I'm very comfortable with it (so comfortable, in fact, | that it's my primary reason for booting Windows at all.) | | The version I use, 5.1, *does* support STARTTLS for POP over both the | regular port 110 as well as alternate ports, as well as user-defined | ports. It needs some tweaking, but the capability exists. | | I don't know about IMAP, as I don't use IMAP to get my mail. | Yes, Eudora is the exception. It supports both STARTTLS and dedicated SSL ports for all mail protocols (it even does SMTPS I think). Jeremey. - -- Jeremey Barrett [[EMAIL PROTECTED]]Key: http://rot26.com/gpg.asc GnuPG fingerprint: 716E C811 C6D9 2B31 685D 008F F715 EB88 52F6 3860 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9mxbK9xXriFL2OGARAsrqAKCeoCG1YA07tRdU8pEi8Rci6SWaKACgtWBv nobLVt5wGMgvwNOT5wTYzLI= =k+kp -END PGP SIGNATURE-
Re: What email encryption is actually in use?
On Tue, Oct 01, 2002 at 01:20:28PM +0100, David Howe wrote: at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann [EMAIL PROTECTED] was seen to say: For encryption, STARTTLS, which protects more mail than all other email encryption technology combined. See http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf (towards the back). I would dispute that - not that it isn't used and useful, but unless you are handing off directly to the home machine of the end user (or his direct spool) odds are good that the packet will be sent unencrypted somewhere along its journey. with TLS you are basically protecting a single link of a transmission chain, with no control over the rest of the chain. Well, it's a start. Every mail server (except mx1 and mx2.prserv.net) should use TLS. There should be nothing but noise on the wire. For signing, nothing. The S/MIME list debated having posts to the list signed, and decided against it: If I know you, I can recognise a message from you whether it's signed or not. Signing has a limited application - I wouldn't use it routinely other than to establish an association (key--poster) early in a conversation, and then omit it except for things whose source *I* would want verified if I was receiving it. Once you start using it, it becomes part of hte pattern by wich other people identify you. -- This could be the last day of the rest of your life. | Quit smoking: | 162d, 10h ago | petro@ | bounty.org
RE: What email encryption is actually in use?
Morlock Elloi wrote... deleted In other words, those that need crypto are taken care of, and in order to gain resources to make sheeple use crypto you have to become Them, in which case you don't really want sheeple to use crypto in the first place. Please do not use the derogatory term 'sheeple'... you're going to give sheep a bad name. --- Kevin W. Wall Qwest Information Technology, Inc. [EMAIL PROTECTED]Phone: 614.932.5542 I can hardly wait until we get quantum computers. Then we really *will* have to worry about Heisenbugs.
Re: What email encryption is actually in use?
The problem Mr. Howe describes is fundamental, folks: encryption should be end-to-end even when the endpoints are functionaries in a company. Because not all employees are equal. So yes Alice at ABC.COM sends mail to Bob at XYZ.COM and the SMTP link is encrypted, so the bored upstream-ISP netops can't learn anything besides traffic analysis. But once inside XYZ.COM, many unauthorized folks could intercept Bob's email. Access Control is sorely lacking folks. Link encryption is a good idea, but rarely sufficient. At 01:20 PM 10/1/02 +0100, David Howe wrote: at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann [EMAIL PROTECTED] was seen to say: For encryption, STARTTLS, which protects more mail than all other email encryption technology combined. See I would dispute that - not that it isn't used and useful, but unless you are handing off directly to the home machine of the end user (or his direct spool) odds are good that the packet will be sent unencrypted somewhere along its journey. with TLS you are basically protecting a single link of a transmission chain, with no control over the rest of the chain.
Re: What email encryption is actually in use?
James A. Donald [EMAIL PROTECTED] writes: To the extent that real people are using digitally signed and or encrypted messages for real purposes, what is the dominant technology, or is use so sporadic that no network effect is functioning, so nothing can be said to be dominant? For encryption, STARTTLS, which protects more mail than all other email encryption technology combined. See http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf (towards the back). For signing, nothing. The S/MIME list debated having posts to the list signed, and decided against it: If I know you, I can recognise a message from you whether it's signed or not. If I don't know you, whether it's signed or not is irrelevant. That leaves a few highly specialised applications which don't really qualify as use by real people (e.g. pgpmoose, EDI, etc etc, where any random proprietary format is fine, since it's decided by mutual agreement of both parties). Peter.
Re: What email encryption is actually in use?
at Monday, September 30, 2002 7:52 PM, James A. Donald [EMAIL PROTECTED] was seen to say: Is it practical for a particular group, for example a corporation or a conspiracy, to whip up its own damned root certificate, without buggering around with verisign? (Of course fixing Microsoft's design errors is never useful, since they will rebreak their products in new ways that are more ingenious and harder to fix.) Yup. In fact, some IPSec firewalls rely on the corporate having a local CA root to issue keys for VPN access. from there it is only a small step to using the same (or parallel issued) keys for email security. The problem there really is that the keys will be flagged as faulty by anyone outside the group (and therefore without the root key already imported), and that will usually only work in a semi-rigid hierachical structure. There *is* an attempt to set up something resembling a Web of trust using x509 certificiates, currently in the early stages at nntp://news.securecomp.org/WebOfTrust I intended to sign this using Network Associates command line pgp, only to discover that pgp -sa file produced unintellible gibberish, that could only be made sense of by pgp, so that no one would be able to read it without first checking my signature. you made a minor config error - you need to make sure clearsign is enabled. I suggest that network associates should have hired me as UI design manager, or failing, that, hired the dog from down the street as UI design manager. It's command line. Most cyphergeeks like command line tools powerful and cryptic :)
Re: What email encryption is actually in use?
at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann [EMAIL PROTECTED] was seen to say: For encryption, STARTTLS, which protects more mail than all other email encryption technology combined. See http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf (towards the back). I would dispute that - not that it isn't used and useful, but unless you are handing off directly to the home machine of the end user (or his direct spool) odds are good that the packet will be sent unencrypted somewhere along its journey. with TLS you are basically protecting a single link of a transmission chain, with no control over the rest of the chain. For signing, nothing. The S/MIME list debated having posts to the list signed, and decided against it: If I know you, I can recognise a message from you whether it's signed or not. Signing has a limited application - I wouldn't use it routinely other than to establish an association (key--poster) early in a conversation, and then omit it except for things whose source *I* would want verified if I was receiving it. It is unusual for me to use a sig outside of encrypt+sign. If I don't know you, whether it's signed or not is irrelevant. Depends on the definition of know. If a poster had a regular habit of posting at least one signed message every week, and had never protested that the sigs were faked, then you could assume that the poster whose sig just cleared is the same as the poster who has been posting for that time period - mapping that to any real-world individual is more problematic, but mostly you don't need to. There are plenty of people I only know online from email exchanges, and in some cases am not even sure what sex they are :)
Re: What email encryption is actually in use?
-- James A. Donald: I intended to sign this using Network Associates command line pgp, [6.5.8]only to discover that pgp -sa file produced unintellible gibberish, that could only be made sense of by pgp, so that no one would be able to read it without first checking my signature. David Howe you made a minor config error - you need to make sure clearsign is enabled. James A. Donald: I suggest that network associates should have hired me as UI design manager, or failing, that, hired the dog from down the street as UI design manager. David Howe It's command line. Most cyphergeeks like command line tools powerful and cryptic :) We also like the most common uses to be *on* the command line. If the option is not on the command line, it is *not* powerful and it is a little too cryptic. The pgp.cfg file is empty by default on my machine, the cfg file options are nowhere documented, clearsigning is nowhere documented, and Clearsign=on did not work. In the last generally useful version of pgp (pgp 2.6.2) pgp -sa gave clear signing, but it was unusable, because trivial differences, such as the unix/windows difference on carriage returns would cause the signature check to fail. Because there were so many false negatives, no one would check clearsigned signatures. I conjecture that in pgp 6.5.8 they have addressed this problem by making clear signatures as inaccessible as possible, rather than by fixing it. I could get clearsigning by telling my pgp 6.5.8 to be compatible with 2.6.2, but I have already discovered that 2.6.2 clear signing was hopelessly broken. Had clear signing worked, then everyone with a valuable domain name would have used the pgp interface to control their domain names, to ensure that one's domain name could not be hijacked, as so many domain names have been. This would have created a massive base of pgp users. However, due to architectural defects in pgp, design bugs rather than coding bugs, this use of pgp was broken, and so was seldom used, and eventually ceased to work entirely. Presumably there was no maintenance on the pgp inteface to domain name control, because no one was using it. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG MUiyRJ8PRbLCXnVMWCpeKvsn5GdOlAB9t6O7K0Hb 4GBcVbBHZFN0vg8apVt35e9Y2khaPdgrM+Y6uOys6
Re: What email encryption is actually in use?
The problem Mr. Howe describes is fundamental, folks: encryption should be end-to-end even when the endpoints are functionaries in a company. Because not all employees are equal. So yes Alice at ABC.COM sends mail to Bob at XYZ.COM and the SMTP link is encrypted, so the bored upstream-ISP netops can't learn anything besides traffic analysis. But once inside XYZ.COM, many unauthorized folks could intercept Bob's email. Access Control is sorely lacking folks. Link encryption is a good idea, but rarely sufficient. At 01:20 PM 10/1/02 +0100, David Howe wrote: at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann [EMAIL PROTECTED] was seen to say: For encryption, STARTTLS, which protects more mail than all other email encryption technology combined. See I would dispute that - not that it isn't used and useful, but unless you are handing off directly to the home machine of the end user (or his direct spool) odds are good that the packet will be sent unencrypted somewhere along its journey. with TLS you are basically protecting a single link of a transmission chain, with no control over the rest of the chain.
Re: What email encryption is actually in use?
At 11:52 AM 9/30/02 -0700, James A. Donald wrote: -- What email encryption is actually in use? PGP 5-7 on Win95+, using Eudora 3.05 talks to Mac whatever using 2.6.2 Signing is not generally necessary. The chief barrier to use of outlook's email encryption Outlook is one of Microsoft's Virus Engine Suite, isn't it?
Re: What email encryption is actually in use?
-- James A. Donald: I intended to sign this using Network Associates command line pgp, [6.5.8]only to discover that pgp -sa file produced unintellible gibberish, that could only be made sense of by pgp, so that no one would be able to read it without first checking my signature. David Howe you made a minor config error - you need to make sure clearsign is enabled. Not so. It turns out the command line is now different in PGP 6.5.8. It is now pgp -sta to clearsign, instead of pgp -sa. (Needless to say the t option does not appear in pgp -h The clearsigning now seems to work a lot better than I recall the clearsigning working in pgp 2.6.2. They now do some canonicalization, or perhaps they guess lots of variants until one checks out. Perhaps they hid the clear signing because it used not to work, but having fixed it they failed to unhide it? --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 1lGJioukjvNCaM/LetfJVNPifdGblhZNTs+GarH2 4RFyr8DSgY3BrltZeP3treEOdb186ZDQzE/S3NYLI
RE: What email encryption is actually in use?
Peter wrote [about the benefits of STARTTLS]: As opposed to more conventional encryption, where you're protecting nothing at any point along the chain, because 99.99% of the user base can't/won't use it. In any case most email is point-to-point, which means you are protecting the entire chain (that is, if I send you mail it may go through a few internal machines here or there, but once it hits the WAN it's straight from my gateway to yours). I must concur with Peter. The overwhelming majority of email recipients with whom I routinely exchange PGP encrypted email operates their own MTAs, located within their trust boundaries. Which should come as no surprise, since those with whom I discuss topics requiring secure communications tend to be conscious of security and thus like to be able to control the properties of their MTA and other network services. I also agree that current MTAs' implementations of STARTTLS are only a first step. At least in postfix, the only MTA with which I am sufficiently familiar to form an opinion, it appears impossible to require that certs presented by trusted parties match a particular hash while certs presented by untrusted MTAs can present any certificate they desire to achieve EDH-level security. I am aware that the certs presented by trusted parties could of course all be signed by the same CA, but this is an unworkable model in personal communications. What is required in practice is a list of trusted MTAs with corresponding hashes implemented at the MTA level. --Lucky Green
Re: What email encryption is actually in use?
On Mon, Sep 30, 2002 at 12:53:36PM -0700, Joseph Ashwood wrote: - Original Message - From: James A. Donald [EMAIL PROTECTED] The chief barrier to use of outlook's email encryption, aside from the fact that is broken, is the intolerable cost and inconvenience of certificate management. Actually the chief barrier is psychological, people don't feel they should side with the criminals by using encryption. Certificate management is Um. No. Most people do no assocaite encryption with criminals. There are 4 reasons people don't use encryption in email: 0) Encryption, that's that SLS thingy, right? (Ignorance, stupidity) 1) Why bother? I am not a *target*. (apathy) 2) It's too much hassle. (BAD tools) 3) 95% of the people *I* send email to wouldn't know what to do with a message in S/MIME, much less PGP. (AKA the Fax Effect). -- Johnny had four truckloads of plutonium. Johnny used four| Quit smoking: truckloads of plutonium to light New York City for a year. | 161d, 11h ago Then how many truckloads of plutonium did Johnny have? Six! | petro@ -- Breeder reactor ad from the glory days of nuclear power | bounty.org