Jay Hennessy wrote:

And perhaps a check box with number 3:

X. Warn me if some recipients do not have certificates.

and number 4:

X. Warn me if outgoing email cannot be encrypted.


Taking a leaf from Firefox, it has this nice feature
for security in it which is to turn the URL bar yellow
when SSL is enacted.  If each email address were
to go yellow if it was encrypt-to rated, and some
were not yellow, that would suit my preferences.

(I'd still think your check boxes above would be fine,
but with the yellow email addresses, I'd then turn
those checkboxes off.)

Ian G wrote:

LOL... What you mean is "use encryption if I have the
cert."  If you really meant "use encryption when possible"
that would be something like:

4. Tbird would create a default cert at install time,
and attach it to the bottom of every mail to someone
new.  If everyone did this, we'd have a web of keys
within months...  (Literally, we'd have just exchanged
keys if #4 had been turned on!)



Well, I actually like that idea, but obviously it's not feasible because the certificate would be worthless if it wasn't verified to be linked to the email address of the user. (Or have I misunderstood the concept?!)


Yes, the assumption that "the certificate would be worthless"
is incorrect.  If the certificate was sent by the stated email
address, then it is linked.  Only if you are under some form
of active attack would you expect some form of connivery.

Active attacks of this form are very easy to defeat, you just
phone the guy up and ask for his fingerprint.  Or you keep
talking until the plot falls apart ;)

What is clear is that until you have done a fingerprint exchange,
there is a small lingering doubt as to whether you have the
right certificate.  But, this lingering doubt shrinks into the
noise level after 2 or 3 emails.  The notion that anyone is
conducting an MITM over several emails is kinda stoopid,
especially if you have any reason to believe that, then you
can simply ... check the fingerprints.

(All practical large scale trials that I know of using this
technique have experienced no difficulties.  I refer here
to PGP and SSH, which both use opportunistic encryption,
and for the most part people don't bother to do more than
learn about the weakness.)

There is a flaw in the logic of the CA-based email security
model.  The CA concept - certificate "authority" - is useful
where you do not know the party you are dealing with.
Like, Amazon.  Yet, this assumption does not exist in
email; almost everyone we mail (unless we are a spammer)
is already known to us.  Which means we have already at
hand superior mechanisms to control the security.

Whatever logic exists in browsing, there is practically no
security reason to use CA-signed certs in email.  In fact,
they definitively reduce security over the self-signed
alternate.  (Browsing is another story, a bit more complex.)

This is kind of an aside, but relevant to the argument: My reasoning is also that I don't agree with Governments reading emails at will, as they currently do (e.g. UK legislation: http://archives.cnn.com/2000/TECH/computing/07/28/uk.surveillance.idg/). The more encrypted information that flies around, the better IMHO.


Yes.  You do realise that governments can defeat
CA-signed security like your Thawte cert, but they
cannot defeat self-signed security?  So if hypothetically
your attacker is a government, you should use PGP,
rather than cert-based email.

But again, this restricts the user, as you say. I use a Certificate Authority certificate which I recently discovered is available free from http://www.thawte.com/email/


iang

--
News and views on what matters in finance+crypto:
       http://financialcryptography.com/

_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
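
The opportunistic model discussed in the thread (accept the certificate attached to the first mail, keep using it, and check the fingerprint by phone if in doubt) can be sketched as a small pin store. This is an added example, not part of the original thread and not Thunderbird code; the PinStore class, its method names and the sample certificate bytes are constructed for illustration.

```python
import hashlib


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes, lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()


class PinStore:
    """Hypothetical trust-on-first-use store: one pinned fingerprint per address."""

    def __init__(self):
        self.pins = {}  # address -> {"fp": str, "seen": int, "verified": bool}

    def observe(self, address: str, cert_der: bytes) -> str:
        """Record a cert attached to mail from `address`.

        Returns "new" (first sight, pinned), "match" (same cert again) or
        "mismatch" (different cert: the old pin is kept, the caller warns).
        """
        addr = address.strip().lower()
        fp = fingerprint(cert_der)
        pin = self.pins.get(addr)
        if pin is None:
            self.pins[addr] = {"fp": fp, "seen": 1, "verified": False}
            return "new"
        if pin["fp"] == fp:
            pin["seen"] += 1
            return "match"
        return "mismatch"

    def confirm(self, address: str, spoken_fp: str) -> bool:
        """Mark the pin verified if a fingerprint obtained out of band matches."""
        pin = self.pins.get(address.strip().lower())
        normalized = "".join(spoken_fp.split()).replace(":", "").lower()
        if pin is None or pin["fp"] != normalized:
            return False
        pin["verified"] = True
        return True

    def can_encrypt_to(self, address: str) -> bool:
        """True once any cert is pinned for the address."""
        return address.strip().lower() in self.pins


if __name__ == "__main__":
    store = PinStore()
    for cert in (b"constructed-cert-A", b"constructed-cert-A", b"constructed-cert-B"):
        print(store.observe("alice@example.org", cert))
```

A "mismatch" result leaves the earlier pin in place, so a substituted certificate shows up as a warning rather than silently replacing the one already in use.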
