Slashdot Mirror
PGP Universal - Usable Email Security?
An anonymous reader writes "For years, noted cypherpunks such as Brad Templeton, Ian Goldberg (PDF link), Bram
Cohen, and Len
Sassaman (PDF link) have been calling for easy to use email encryption solutions
which involve little crypto comprehension on the part of the user. Now, it seems like someone has listened: PGP
Corporation has announced its PGP Universal, which says it 'shifts the burden of securing email
messages and attachments from the desktop to the network in a way that is
automatic and entirely transparent to users'." The Register has more information on these newly announced proxy servers.
But you're still not secure between the client and the proxy as far as network transport is concerned; plus, you've got all your keys in one basket. Furthermore, it seems like they are assuming that everyone will have one of these things set up. Is it so transparent to the people that can't read the email you send them?
When you have dozens or hundreds of people to support, a server side implementation (if it works as advertised) is not a bad idea at all.
Imagine trying to support people that still can't find the "any" key..
Trolling is a art,
size 7 1/2 please!
however, if you have ever tried to get joe-average-desktop-user to set up gpg or pgp then you know that something has to be made easier! even the point-n-click solutions like winpt or mac-gpg (my fave!) make my dad's head ring. here's an example: i work with a guy who went to work for the nsa (that's right, super-spook central). about a year ago i asked him where his public key was so that i could send him some sensitive work-type stuff. his response? "i don't have any of that. it's too confusing". this is a guy who the nsa chose to hire!
something has to be simplified if mom-n-pop (and nsa hires) are going to use crypto.
(oh, and this is my public key)
2 1337 4 u!
That's not really the point. For most users, even those who understand how and why to use PGP for their email, it's just too much of a hassle. This is aimed at companies that want their email secured, without having to trust the users to actually do it properly.
You can still add on your own encryption outside of this system if you are extra paranoid.
My first thought is, "Oh great, that'll just mean you need to trust the server."
But then I started to consider what would happen if a lot of the large domain servers were to start signing their mail automatically with a "Yes this really did go through our mail server" signature.
For one, if every message to come from Yahoo was signed with yahoo's key, you could automatically deny every message from yahoo that didn't have that signature. Think of how much easier spam catching would be.
Joe-jobbing could be reduced. If it comes from Intergalactic Orange Smoothie's DNS address without a signature, you know that somebody's been joe-jobbing Intergalactic Orange Smoothie.
And encryption between known partners could be enforced. So every message between Intergalactic Orange Smoothie and their partners could be encrypted.
Problems are, not everybody's got PGP. So Intergalactic Orange Smoothie can't make every message encrypted. So there still needs to be some user-interaction.
Gentoo Sucks
Said companies are going to be the first to go up in arms when a corrupt entity "loses" or "leaks" the keys. And yes, I am extra paranoid ;)
View this as a 70% cure for the corporate network. Useless for end-users.
You can't guarantee the exact person (although you might be able to audit-trail the logfiles and such)
But it will get you closer to the eventual goal of everything being encrypted and reduce most of the popular non-inside jobs.
Gentoo Sucks
Assume the encrypting mail server is internal and you use a switched LAN (that helps prevent sniffing). I think the big sell here is to tell the customers that your mail will not leave your company unencrypted onto the Big Evil Internet.
Also you miss the point when you say "access your sensitive data without your permission". If this is in a company, your employer owns the computers, network and ultimately the "sensitive data", not you.
Trolling is a art,
Credit card numbers are not the only sensitive info. Most corporations use email to communicate with their vendors and customers and much of what they discuss is proprietary.
How would you like your doctor discussing your medical condition with a colleague over an unsecured connection?
computerlady - a brand new Slash-daughter - alone, but no longer invisible, in the
That's mostly correct. However, there are many organiztions that are now subject to various legislation (such as HIPAA or GLBA) that didn't *know* they need this until recently.
Consumer information safeguards are mandated in many industries now. This package would be a less painful, more expensive way to meet those requirements.
Of course, I haven't seen it yet. It could be crap. Who knows? I registered for the whitepaper, we'll see.
trustedworlds.net - gaming, security, and the gunk that lives in between
The ability to plug-in PGP has been a part of several mail clients for a while... mutt, pine, etc. But, this has been the domain of the "more than casual" user... I would dread explaining to Mom how to setup her private/public keys, let alone why she should use encryption and the dreaded "how does this work" discussion.
;)
There's quite a bit of difficulty, methinks, in adopting this technology at any level the average user is aware of. I mean, the only way I can see wide-spread adoption happening successfully is you don't even let the users know how their mail is being encrypted/decrypted. Otherwise, you leave it open to too much user error: the dreaded "I lost my keys," or "Bob-IT-Guy, can you decrypt this important mail sitting in Sally's inbox... she's on vacation and we need it now!"
You take the (oh... forgive me) Lotus Notes approach (I'm *not* a fan, but I understand this aspect of the software): it can be setup so the encrypt and decrypt happens transparently to the user between Lotus Notes servers. If you had something along this level between mail servers, then you might start getting into secure transmission of e-mail.
Man... there are so many areas to lock-down... while I'm a big fan of PGP, it seems like the whole nature of the e-mail communication system needs to be looked at and (potentially) overhauled. So what if the message is transmitted securely between me sending it and you receiving it? If you do it at a user level, then you need universal support built into all the different mail reader applications. If you do it at the server level, then you need to lock-down the security more tightly at the server level (can your admins read your mail? Sure can! Not that it isn't already that open today). And how are keys managed? And who do you trust? And who manages how public keys get distributed?
Right now, it is all fairly manual (unless the tools have been updated since I last looked at them).
I can hear it now... can... opening... worms... everywhere!
Diplomacy is the art of saying, "Nice doggie!" until you can find a rock.
I didn't see prices on PGP's site, but I'll wager two cattle it's more than my parent's [an ideal audience for `easy crypto'] could afford.
Linux: The world's best text-adventure game.
If someone really needs to use PGP security, which is almost unbreakable, they would figure out how to use existing programs.
Ah, but what if they don't need to, but are required by regulation to?
You can bet that John/Jane Doe, who work at your health insurance company / bank / credit card company / e-commerce site don't feel the "need" to use PGP security, because hey, what does your personal information mean to them? Also, not being geeks or security wonks, many of these people are not going to "figure out how to use existing programs." However, they're handling your data. In some cases, the Government has regulated that they must protect the data. Encryption is an efficient and sometimes necessary form of protection... but isn't easy enough to ensure people use today.
Sendmail and Postfix supports it, and generating self-signed certificates is not even difficult.
A lot of times, I'd like to send something to someone with encryption. I know how to get GPG running and do this, but my recipients are your typical "it's too hard" group. :(
This is a thing for corporations. Private email-crypting will continue to suck big time until PGP/Mime and all that stuff become standard functions in KMail and Thunderbird and don't require some ominous compiling/installing of shoddy beta plugins or a five week full-time training in exim and mutt configuration.
We suffer more in our imagination than in reality. - Seneca
I guess the problem is keeping randome machines from snagging a copy, though, since the same machine you plug the fob in to can also snag your keystrokes and thus your passphrase.
That's why you put the crypto engine on the keyfob. The keys would never be exposed to the sending PC.
People who disagree with you are not automatically evil, greedy, or stupid.
Not so great, they'll have to encrypt each spam they send using the recipient public key. This will make them a lot less efficient (a lot more CPU time will be required on their part and they need to fetch you public key somewhere).
Some people slip up and send confidential data (like bank account and credit card numbers) over unencrypted email, without realising the potential harm. Making it simple enough that it has plugins for the popular mail clients, and they have simple buttons to encrypt and/or sign an email in the compose window, with an option to do so by default, can only be a good thing. Building it into mail clients, so no extra software is needed, would be even better.
I thought this was useful until I lost my little USB drive (or it was stolen, I can't figure out which). Now my public/private keypair are useless.
Fortunately, almost nobody else I know actually uses PGP, so if I create a new key, it's not a big deal.
And yes, I know you're thinking, "You shouldn't lose your USB drive," but in real life, stuff like this happens. I was always very careful with it, which makes me think it was possibly stolen (moral of that story, don't trust everyone with access to your work space).
Use http://www.gnugp.org
I agree with you, and because of their installed base it would be possible for them to make encryption a default for the majority of the population. This is critical for generating a critical mass that is needed to be able to sustain encryption as a routine practice.
Trying to send encrypted files all of a sudden to a few people somehow seems to give the wrong impression, because it seems that you have something to hide. It is as if your communication stands out as a needle in the haystack, and someone using a "magnet" can just suck you off the system ....
But, if Yahoo, hotmail, etc started encrypting by default, then a huge number of emails, I believe enough for the critical mass, shall use encrytion. And so now your desire to send encrypted encrytion is no longer looked at with suspicion. You are now like hay in a hay stack and no magnet can suck you off the system ...
So, I believe, in the spirit of Standing Up against such obscenities as the Patriot Act, companies like Yahoo.com, M$ Hotmail.com, Mail.com, Verizonmail.com, Myrealbox.com, etc. should start provinding encryption by default.
It is the "right" thing to do.
To see a world in a grain of sand, and then to step back and see the beach where the sand lies
I work at a major law office. Not that I completely agree with it but we do not offer PGP or any type of encyption unless the clients request communication in that manner. Then we buy, configure, and use whatever software is compatible with whatever they have and make it work with our system and train our users that will be using it. Some clients are pickier then others and we've setup seperate lans, gateways, and portals just for them to communicate to us over. Nothing 007 but enough to satisfy the client.
IMHO as a IT person and not a client, there are many things that pass in and out of the mail system that probably should have been encrypted but are not. I get the impression they think regular email is already magically safe. I'm sure an automatic system would be helpful.
There's a constant drive to dumb things dwown, make them easier to use without any kind of understanding about what is going on under the hood.
This is good in some areas. People need don't need to understand how their word processor or web-browser works. So long as it works, they can use it effectively.
In the case of information security, it's dangerous. If people use encryption without at least some understanding of security, they won't use it effectively. But they will believe they are safe, because they clicked the "encrypt my e-mail" button.
Surely the real solution isn't to dumb down the software, it's the smarten up the users. Pretty much everyone who really needs encryption is capable of understanding enough of the issues around computer security and use existing software to secure their e-mail. People need to accept that computer security is a complex thing, and like all complex things, you can't do them without at least a bit of homework.
It's like those people that have "I am not under investigation by the UK RIP act" on their webpages. It's only illegal (in the UK ) to inform someone that you are under investigation, not to stop informing people that you aren't.
Now that Mr Zimm isn't there afirming all the code is OK, it speaks volumes.
Get your own free personal location tracker
This has already been done. All one need to do is generate a set of keys and send from end user to end user. The thing that is so interesting is that the mail server is supposedly encrypting this as well. Why dont they just use a NES (network encryption system) that can have umteen connections or a TACLANE that can have up to 6 connections while using hardware encryption? Combine a system like that with a eprom usb device that has the private key on it and the public key on one of many public accessable ldap servers and your set. Just have the email programs check one of the mirrors for a valid key, and off goes your email. You just have to make sure you log in to your eprom. 128 bit encryption is not hard on massive networks, its getting it to be accepted by the home user that you cant control that is going to be the issue. Make the eprom a package deal with your isp connections, and your set. Get a net connection, get a usb token that encrypts your email for you automagically. DoD has been doing that crap for years, just do a google search on DMS (defense messaging system). You shouldnt be able to get down to the nitty gritty, but you should be able to get an idea.
Stop signs are only Suggestions
- Something you have
- Something you know
- Something you are
The combination of the keyfob, the biometric, and a password is as good as it gets. To really do it up right, the keyfob has male and female USB ends, which allows the 'connect the keyfobs to trade public keys' and also would allow a USB keyboard to connect through the keyfob, so that it could do the password part without passing the keystrokes on to the computer (that might have a keylogger installed).[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.