Ronald van Kuijk wrote:
>
> Ben Bucksch wrote:
> >
> >We just shouldn't imply that because you sprinkle magic crypto dust on
> >an e-mail, that it is automatically genuine. People still need to use
> >their brain, or they will lose sometimes.
> >
> That's just the problem. So many people currently don't use their brain
> and will do it even less if they get flooded by self-signed certificates.
Are you (and Ben) seriously suggesting that an encrypted message sent to
a self-signed key belonging to even a naive user is *no more secure*
than a plaintext email?
I'm not intimately familiar with the details of cryptography but I do
know the theory. As I see it, the risks in the first case (a self-signed
key/certificate) are:
1) The key might not really belong to the intended recipient, but to an
impostor. In this case the message can be read by the impostor, but the
original recipient will (probably) receive an apparently garbled
message, which will (probably) tip him off that something is wrong. Even
if not, this is a lesser risk than a plaintext email: only one impostor
can read it, instead of *any* impostor.
2) The naive user might have been careless with their private key, and
an intruder may have it (or worse, it might have been publically
posted). In this case there will be no obvious red flag like receiving
an apparently garbled message, but the message can be read by anybody
with the key. This is (as far as I can see) the worst-case scenario and
it's still more secure than plaintext: only a subset of all potential
attackers can read the message, rather than *all* of them.
3) Man-in-the-middle attack. Seems to me this would be quite a lot of
work with email (you'd have to be able to reliably intercept all emails
from Alice to Bob) but again, the risk is no greater than for plaintext
(and for plaintext the same effect can be obtained with significantly
less work).
The only risk I can see is that users may be more willing to trust
sensitive information to an "encrypted" email than to a non-encrypted
one, and any of the three cases above would negate that assumption. It
seems to me that a well-worded dialog (with a "don't show this again for
this recipient" checkbox) could mitigate this risk:
"Although this message will be encrypted, Mozilla cannot verify that it
is really being encrypted for [EMAIL PROTECTED]
"Unless you have checked key-signatures with Bob through some external
method (like a phone call), you should not trust this message with
sensitive information. _Click here_ for more information about
validating key-signatures."
Thoughts?
Stuart.
