Re: What email encryption is actually in use?
at Tuesday, October 01, 2002 6:10 PM, James A. Donald [EMAIL PROTECTED] was seen to say: Not so. It turns out the command line is now different in PGP 6.5.8. It is now pgp -sta to clearsign, instead of pgp -sa. (Needless to say the t option does not appear in pgp -h *nods* its in the 6.5 Command Line Guide, but as identifies the input file as a text file The CLG is the best reference for this though - as it explictly lists sta as the correct option in section Ch2Common PGP FunctionsSigning MessagesSign a plaintext ASCII file. I could email you a copy of the PDF of that (its about 500K) if you wish. The clearsigning now seems to work a lot better than I recall the clearsigning working in pgp 2.6.2. They now do some canonicalization, or perhaps they guess lots of variants until one checks out. its canonicalization - again according to the CLG (CH3Sending ASCII text files to different machine environments) Perhaps they hid the clear signing because it used not to work, but having fixed it they failed to unhide it? its just an evolution. IIRC the command line tool was based at least partially on the unix version of pgp, which always had different command line switches. It would be nice if behaviour was more backwards compatable, but they *did* document it in the official M that you should RTF :)
Re: fun w/ the SS chalk
At 09:11 AM 10/01/2002 -0700, Major Variola (ret) wrote: After reading the last paragraph in the excerpt below, it occurs to me how much fun could be had in DC with some chalk, even without an 802.11blah receiver :-) Depending on how well-read the security folks are about warchalking, you can also have fun creating variations on the markings, adding notes in Cyrillic alphabets, etc. The Pentagon subway station would be a good spot, though it's of course likely to be thoroughly over-cameraful.
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- at Tuesday, October 01, 2002 9:04 PM, Petro [EMAIL PROTECTED] was seen to say: Well, it's a start. Every mail server (except mx1 and mx2.prserv.net) should use TLS. Its nice in theory, but in practice look how long it takes the bulk of the internet to install urgent patches - how long is it going to take to get people to install an upgrade to privacy that actually causes more problems for them? Besides the core here is that 1) everyone with a server enroute can read the mail 2) you are relying on every other link in the chain to protect your privacy clientside crypto fixes both these problems, reduces the total crypto load on the chain (encryption/decryption is only ever done once) and allows use of digital signatures. Once you start using it, it becomes part of hte pattern by wich other people identify you. Exactly the intention, yes :) Just for the sake of it (anyone who cares will have seen my signature enough times by now) I will sign this one :) -BEGIN PGP SIGNATURE- Version: PGP - Cyber-Knights Templar iQIVAwUBPZqzpWDKt9Hjj5SVAQFlwA//cQYGFRb3sJEM695lWJ+rUhymcS5lTSEV vG3eRUvxpbhLcAS+QsdMXX3pDlu60UzOhxubpQch9E59yE/+uaeU+5AzkfDQjc2q jQ8SppCqf56+uevoZlH1RiKkBT6Hx7ctPimEIlq3FXWsaqA3ocPVghZwFhMaxA1G twCtBxR7Q3y6VePzCzeealx7TDgcoS7hoBKNTsueAIWd/9xB9JYjFvS8OecOMdZG B+yvSLHZn1YJG62JfZ8EWXr1xKh5BZxdRVxLVzhaumtyAFr2hCDQffDiz5UtyGSa JdMoJAzmZZZ5EvcHc0rMDVs5BiDr5/EaSU+xecPz/YxY4BWxGFprqsRi7IapTkb1 26zgJQ4miGylFlmZM30cxKYudi5PdSJ4VUWpuoHRg9clZlH9KzC7f0suYAnACDXC bzr5Fgp3+bvRnziMD65NT4G1hxA5pYPl+4IudVSKcaMsHLWSTE8Lnf0US283MdeR VXKbINvyEr0p0zrl7lVmHZbmuLjdUHrgAoyQEKcaMelE+Q8suXynDYtSV7LCfdAE CjKBz2RxAiNhi1vAq6NuFOMx+R9c23Sxg2uUUbpYeRbl5fPbjamDzIhK2ccNNmpU euuWj3O9e6YMtW0KPezYbJ/9fMMkOAv3KnfdeAgcjSnipMqVvqgJ4sWil3gfUADY X0TKznTghWs= =3uOF -END PGP SIGNATURE-
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- at Tuesday, October 01, 2002 9:04 PM, Petro [EMAIL PROTECTED] was seen to say: Well, it's a start. Every mail server (except mx1 and mx2.prserv.net) should use TLS. Its nice in theory, but in practice look how long it takes the bulk of the internet to install urgent patches - how long is it going to take to get people to install an upgrade to privacy that actually causes more problems for them? Besides the core here is that 1) everyone with a server enroute can read the mail 2) you are relying on every other link in the chain to protect your privacy clientside crypto fixes both these problems, reduces the total crypto load on the chain (encryption/decryption is only ever done once) and allows use of digital signatures. Once you start using it, it becomes part of hte pattern by wich other people identify you. Exactly the intention, yes :) Just for the sake of it (anyone who cares will have seen my signature enough times by now) I will sign this one :) -BEGIN PGP SIGNATURE- Version: PGP - Cyber-Knights Templar iQIVAwUBPZrB22DKt9Hjj5SVAQF3eBAAh8RK5LgLIPv8JhBwX6kdj2x0c6NsrtdA xiH45Zb+bCNO07ac07n+qyKRZ5UiTGjekjQXjnSOczDFUgCyUymexqif7SnDZ04P S/55rQ31wfUWNRVrO/ULjdq4TVYHMsAUFKhrYgwvYyqJNOg2C+sBwgNsLM3gedm2 R0KRY6pO/wqpVsvki3c27h7wszfvCkmsRrqtuKTwktm23XdbmAs+21YWbThbqc3Y r1gtmH8QrJuUzhPXfE/L104reFo5yi2BMuY/ac1G7uXNc+6yAhy61q4z0v17OMcS glEASE0AO+XrtYFfq/3VXk1SN5S3x44GazHvKo9NgqpJn8pvoNq9TsXhXIa9c1/u hchVahwsuZ6rooMxur8ekLP86zTn8mfI+lFKd1n+LuFzcVbzezzKRH3PM+TjDMTF p0TzHsrDOeUkrYJ2ImznpJ1019oDPBVvDCwRyCqOeLZ9MvARTXLtO9gwjt1NAh2E h7WBYhQyMdlKeUMh6mUwIG7DOoitOnf/mQkmQWybPK7NT2tOhx9uHEWE92iWUxc+ AQF4UywdSvFpTskVBkQIQESsYWGs92A350zEapogB2+cDJxytqtRDN2mLGG6tPPt u+60lj65OQUdc0D91e2W3yif9mF7ul3aztt2Ca5qziyMRVwnoceSwbejDyr1fZLO 8MgGBffIDis= =jz44 -END PGP SIGNATURE- resent - with broken line wrap fixed. damned lousy MS email client :) Next time I *check* first before sending and don't look so clueless in a worldwide list :)
RE: What email encryption is actually in use?
I've always been intrigued by the volume of reports which indicate that when hackers or other outlaws raid a corporate site, the first thing they do is scan the stored email files of company executives. Funny, with all the attention focused pushing the user to encrypt email for transmission, no one ever suggests that Admins should/could store all email on the local mail server in an encrypted format. Am I wrong, does some mail server do this? If not, anyone got any suggestions for an efficient design? Surete, _Vin At 10/2/02, Lucky Green wrote: Peter wrote [about the benefits of STARTTLS]: As opposed to more conventional encryption, where you're protecting nothing at any point along the chain, because 99.99% of the user base can't/won't use it. In any case most email is point-to-point, which means you are protecting the entire chain (that is, if I send you mail it may go through a few internal machines here or there, but once it hits the WAN it's straight from my gateway to yours). I must concur with Peter. The overwhelming majority of email recipients with whom I routinely exchange PGP encrypted email operates their own MTAs, located within their trust boundaries. Which should come as no surprise, since those with whom I discuss topics requiring secure communications tend to be conscious of security and thus like to be able to control the properties of their MTA and other network services. I also agree that current MTAs' implementations of STARTTLS are only a first step. At least in postfix, the only MTA with which I am sufficiently familiar to form an opinion, it appears impossible to require that certs presented by trusted parties match a particular hash while certs presented by untrusted MTAs can present any certificate they desire to achieve EDH-level security. I am aware that the certs presented by trusted parties could of course all be signed by the same CA, but this is an unworkable model in personal communications. What is required in practice is a list of trusted MTAs with corresponding hashes implemented at the MTA level. --Lucky Green
Re: What email encryption is actually in use?
at Wednesday, October 02, 2002 3:13 AM, Peter Gutmann [EMAIL PROTECTED] was seen to say: As opposed to more conventional encryption, where you're protecting nothing at any point along the chain, because 99.99% of the user base can't/won't use it. That is a different problem. if you assume that relying on every hop between you and your correspondent to be protected by TLS *and* the owner of that server to be trustworthy (not only in the normal sense, but resistant to legal pressure, warrants from LEAs and financial incentives from your competitors) then you are in for a rude awakening at some point. S/Mime isn't wonderful, but it is built-in to the M$oft email packages and you can trivially generate a key *for* your correspondents to be delivered to them out-of-band. installing is double-clicking a file, and decryption automatic. More security aware users will obviously want their own, a key from a recognised CA or prefer pgp, but that is upgrades to the basic security you can provide by five minutes work with a copy of OpenSSL. In any case most email is point-to-point, which means you are protecting the entire chain (that is, if I send you mail it may go through a few internal machines here or there, but once it hits the WAN it's straight from my gateway to yours). Depends on the setup. Few home users can afford always-up connections, and most dialup ranges are blocked from direct delivery anyhow. the typical chain goes Sender--Sender's ISP--Recipient's ISP--Mailspool--Recipient for a corporate user, a typical chain might go Sender--sender's internal email system--sender's outbound gateway--recipient's firewall--recipients inbound gateway--recipient's email system--recipient assuming *everyone* at both companies is trustworthy (or IT is on the ball and preventing sniffers from running on their lans; I will pause while everyone laughs and then drafts replies pointing out that is impossible) then you can get away with TLS-protecting just the link gateway--firewall. Yes, crypto should be transparent and enabled *by default* in those M$ corporate products; no, the US government wasn't (and still isn't even under the more relaxed regime) willing to wear on-by-default unbreakable, easy crypto in mass-market products.
Re: What email encryption is actually in use?
Lucky Green wrote: I also agree that current MTAs' implementations of STARTTLS are only a first step. At least in postfix, the only MTA with which I am sufficiently familiar to form an opinion, it appears impossible to require that certs presented by trusted parties match a particular hash while certs presented by untrusted MTAs can present any certificate they desire to achieve EDH-level security. This is probably a stupid question, but... why would you want to do this? Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: What email encryption is actually in use?
-- Once you start using it, it becomes part of hte pattern by wich other people identify you. On 2 Oct 2002 at 9:52, David Howe wrote: Exactly the intention, yes :) Just for the sake of it (anyone who cares will have seen my signature enough times by now) I will sign this one :) And PGP tells me signature not checked, key does not meet validity threshold So I said to myself, OK, I will sign David Howe's key on my keyring to tell myself that this is the David Howe who posts on cypherpunks, though of course, pgp gives us merely a single variable trust, which can have no easy connection to the question what do you actually know about this particular David Howe?. (What we really would like is a database of communications indexed by key, so that we could see this communication in the context of past communications with the David Howe that used the same key.) I attempt to sign David Howes key, whereupon PGP gives the highly uninformative error message: Key signature error. It seems that I get similarly uninformative errors whenever I tried to use PGP. And that folks, is at least one of the reasons why end user crypto is not widespread. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 3XIIjDu4swm4B8omsJgkQJcu1Op4/sNb2XkGf18B 4F9ZT3OQag+pZrW134bJdhLT3EeX1wOFqJzi1WJQ5
Re: What email encryption is actually in use?
On Wed, Oct 02, 2002 at 09:12:47PM +0100, Ben Laurie wrote: | Adam Shostack wrote: | On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote: | | Lucky Green wrote: | | I also agree that current MTAs' implementations of STARTTLS are only a | | first step. At least in postfix, the only MTA with which I am | | sufficiently familiar to form an opinion, it appears impossible to | | require that certs presented by trusted parties match a particular hash | | while certs presented by untrusted MTAs can present any certificate they | | desire to achieve EDH-level security. | | | | This is probably a stupid question, but... why would you want to do this? | | So that your regular correspondants are authenticated, while anyone | else is opportunisticly encrypted. | | ??? How does checking their MTA's cert authenticate them? What's wrong | with PGP sigs? Consistency with last time. Whats wrong with PGP sigs is that going on 9 full years after I generated my first pgp key, my mom still can't use the stuff. Sure, you and I can use PGP, but by and large, people don't bother. So lets look at a technology that's getting accepted, and improve it slowly. Adam -- It is seldom that liberty of any kind is lost all at once. -Hume
Re: What email encryption is actually in use?
Adam Shostack wrote: On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote: | Lucky Green wrote: | I also agree that current MTAs' implementations of STARTTLS are only a | first step. At least in postfix, the only MTA with which I am | sufficiently familiar to form an opinion, it appears impossible to | require that certs presented by trusted parties match a particular hash | while certs presented by untrusted MTAs can present any certificate they | desire to achieve EDH-level security. | | This is probably a stupid question, but... why would you want to do this? So that your regular correspondants are authenticated, while anyone else is opportunisticly encrypted. ??? How does checking their MTA's cert authenticate them? What's wrong with PGP sigs? Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: JYA ping
On Wed, 2 Oct 2002, Anonymous wrote: Cryptome has nor been updated since 9/23 ... any clues, anyone ? No. Anyone knows whether John Young is okay?
Re: What email encryption is actually in use?
On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote: | Lucky Green wrote: | I also agree that current MTAs' implementations of STARTTLS are only a | first step. At least in postfix, the only MTA with which I am | sufficiently familiar to form an opinion, it appears impossible to | require that certs presented by trusted parties match a particular hash | while certs presented by untrusted MTAs can present any certificate they | desire to achieve EDH-level security. | | This is probably a stupid question, but... why would you want to do this? So that your regular correspondants are authenticated, while anyone else is opportunisticly encrypted. Adam -- It is seldom that liberty of any kind is lost all at once. -Hume
Re: What email encryption is actually in use?
-- James A. Donald wrote: And PGP tells me signature not checked, key does not meet validity threshold On 2 Oct 2002 at 20:40, Dave Howe wrote: what version are you on? pgp 6.5.8 command line version. The actual problem was that there was no such key in my key ring, but error messages gave me no hint of that. So having determined the problem, I dutifully went to the key server, and encountered yet another stream of problems related to the keyserver and windows, that made it impossible to download the key, but that is another story. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG C+pOgajD+X0+ZJN6MxG/jTvWMW4WWcSPAO/u5ONp 41dEFaucvzVF+ulAPaijTMkhlW/C+virFHh06hHrM
Re: What email encryption is actually in use?
-- On 2 Oct 2002 at 16:19, Adam Shostack wrote: Whats wrong with PGP sigs is that going on 9 full years after I generated my first pgp key, my mom still can't use the stuff. The fact that your mum cannot use the stuff is only half the problem. I am a computer expert, a key administrator, someone who has been paid to write cryptographic code, and half the time I cannot use pgp. Of course, I have had real occasion to use this stuff so rarely that I suspect your mother would never use it no matter how user friendly. The lack of demand may have something to do with Hettinga's rant, that all cryptography is financial cryptography. As I am fond of pointing out, envelopes were first invented to contain records of goods and payments. People use encryption when money is at stake. If people start routinely making binding deals on the internet, they will soon routinely use encryption. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG Yek7NX953gkX+mwOcaRKW13pMWVzckXtQLHH7Oqt 45E6Pq+EKfccaEUOQLWtfPKtgE9yfk5u/o8MMv4HG
Re: What email encryption is actually in use?
On Wed, 2 Oct 2002, Ben Laurie wrote: Adam Shostack wrote: On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote: | Lucky Green wrote: | I also agree that current MTAs' implementations of STARTTLS are only a | first step. At least in postfix, the only MTA with which I am | sufficiently familiar to form an opinion, it appears impossible to | require that certs presented by trusted parties match a particular hash | while certs presented by untrusted MTAs can present any certificate they | desire to achieve EDH-level security. | | This is probably a stupid question, but... why would you want to do this? So that your regular correspondants are authenticated, while anyone else is opportunisticly encrypted. ??? How does checking their MTA's cert authenticate them? What's wrong with PGP sigs? PGP sigs authenticate the senders of the email. MTA certs authenticate the mail servers. This would be a useful feature with regard to the current anonymous remailer network, which relies on SMTP for message transfer, for instance.
Re: What email encryption is actually in use?
At 09:05 AM 10/01/2002 -0700, Major Variola (ret) wrote: So yes Alice at ABC.COM sends mail to Bob at XYZ.COM and the SMTP link is encrypted, so the bored upstream-ISP netops can't learn anything besides traffic analysis. But once inside XYZ.COM, many unauthorized folks could intercept Bob's email. Access Control is sorely lacking folks. I'm running Win2000 in You're Not The Administrator mode. Since somebody else is root and I'm not, the fact that my network admins could eavesdrop on my link traffic isn't a big deal, especially when they set up my PC's software. And if I do pretend to trust my machine against some insiders, I can use SSH, SSL, and PGP to reduce risks from others... Also, STARTTLS can reduce eavesdropping at Alice's ABC.COM. If your organization is an ISP, the risks are letting them handle your email at all (especially with currently proposed mandatory eavesdropping laws), and STARTTLS provides a mechanism for direct delivery that isn't as likely to be blocked by anti-spamming restrictions on port 25. Now to get some email *clients* using it. On the other hand, if your recipient is at a big corporation, they're highly likely to be using a big shared MS Exchange server, or some standards-based equivalent, so the game's over on that end before you even start. Take the STARTTLS and run with it... Link encryption is a good idea, but rarely sufficient. Defense in depth is important for real security. STARTTLS can be a link-encryption solution, but it can also be part of a layered solution, and if you don't bother with end-to-end, it's a really good start, and isolates your risks. It also offers you some possibility of doing certificate management to reduce the risk of man-in-the-middle attacks from outside your organization, and does reduce some traffic analysis. at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann [EMAIL PROTECTED] was seen to say: For encryption, STARTTLS, which protects more mail than all other email encryption technology combined. If your goal is to encrypt 20% of the net by Christmas, STARTTLS will get a lot closer to that than a perfect system. Similarly, IPSEC using the shared key open secret would have been a much-faster-deployed form of opportunistic encryption than the FreeSWAN project's more complex form that wants some control over DNS that most users don't have. In the absence of a real Public Key Infrastructure, neither is totally man-in-the-middle-proof, so if the Feds are targeting *you* it's clearly not enough, but reducing mass-quantity fishing expeditions increases our security and reduces the Echelon potential - especially if 90% of the encrypted material is routine corporate email, mailing lists, Usenet drivel, etc. At 01:20 PM 10/1/02 +0100, David Howe wrote: I would dispute that - not that it isn't used and useful, but unless you are handing off directly to the home machine of the end user (or his direct spool) odds are good that the packet will be sent unencrypted somewhere along its journey. with TLS you are basically protecting a single link of a transmission chain, with no control over the rest of the chain. You can protect most of the path if your firewalls don't interfere, and more if your recipients' don't.
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill Stewart wrote: | | If your organization is an ISP, the risks are letting them | handle your email at all (especially with currently proposed | mandatory eavesdropping laws), and STARTTLS provides a | mechanism for direct delivery that isn't as likely to be blocked | by anti-spamming restrictions on port 25. | Now to get some email *clients* using it. | BTW, most and probably all of the major mail clients out there will do STARTTLS *for SMTP*. It's a matter of servers offering it and clients being configured to actually use it. It'd be nice if they always used it if it's available, but right now I think they all require being told to. Specifically, Mozilla, Outlook, Outlook Express, Netscape (all the way back to 4.7x at least), Evolution, and Eudora all support STARTTLS (again, for SMTP). I imagine there are others that do as well. Amusingly, virtually none of them support STARTLS on any other protocol. :) IMAP and POP are almost all supported only on dedicated SSL ports (IMAPS, POP3S). Argh. Regards, Jeremey. - -- Jeremey Barrett [[EMAIL PROTECTED]]Key: http://rot26.com/gpg.asc GnuPG fingerprint: 716E C811 C6D9 2B31 685D 008F F715 EB88 52F6 3860 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9mwrg9xXriFL2OGARAo/oAJ0QnWSlj22d3jvdyw8wtfVXIGkjFACeOuXr fZjD8Wo2H/AWkM1saPxNNOY= =g5QQ -END PGP SIGNATURE-
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Udhay Shankar N wrote: | At 10:04 AM 10/2/02 -0500, Jeremey Barrett wrote: | | Amusingly, virtually none of them support STARTLS on any other protocol. | :) IMAP and POP are almost all supported only on dedicated SSL ports | (IMAPS, POP3S). Argh. | | I use Eudora, as I'm very comfortable with it (so comfortable, in fact, | that it's my primary reason for booting Windows at all.) | | The version I use, 5.1, *does* support STARTTLS for POP over both the | regular port 110 as well as alternate ports, as well as user-defined | ports. It needs some tweaking, but the capability exists. | | I don't know about IMAP, as I don't use IMAP to get my mail. | Yes, Eudora is the exception. It supports both STARTTLS and dedicated SSL ports for all mail protocols (it even does SMTPS I think). Jeremey. - -- Jeremey Barrett [[EMAIL PROTECTED]]Key: http://rot26.com/gpg.asc GnuPG fingerprint: 716E C811 C6D9 2B31 685D 008F F715 EB88 52F6 3860 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9mxbK9xXriFL2OGARAsrqAKCeoCG1YA07tRdU8pEi8Rci6SWaKACgtWBv nobLVt5wGMgvwNOT5wTYzLI= =k+kp -END PGP SIGNATURE-