PGP Universal - Usable Email Security?
An anonymous reader writes "For years, noted cypherpunks such as Brad Templeton, Ian Goldberg (PDF link), Bram Cohen, and Len Sassaman (PDF link) have been calling for easy to use email encryption solutions which involve little crypto comprehension on the part of the user. Now, it seems like someone has listened: PGP Corporation has announced its PGP Universal, which says it 'shifts the burden of securing email messages and attachments from the desktop to the network in a way that is automatic and entirely transparent to users'." The Register has more information on these newly announced proxy servers.
shifts the burden of securing email messages and attachments from the desktop to the network in a way that is automatic and entirely transparent to users'
If you think that letting the powers that be implement our security by shifting the responsibility for encryption to them is going to make us take off our tin foil hats then you have another thing coming o.0 Methinx that if anything this will make me consider constructing a newer, stronger hat.
Hmm.. wasn't there a patent about that somewhere?
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
But you're still not secure between the client and the proxy as far as network transport is concerned; plus, you've got all your keys in one basket. Furthermore, it seems like they are assuming that everyone will have one of these things set up. Is it so transparent to the people that can't read the email you send them?
This looks a lot like what the company I work for does.
(A box/infrastructure that does the crypto/key management for you.)
If someone really needs to use PGP security, which is almost unbreakable, they would figure out how to use existing programs. Most potential customers for this program have no need for it; the vast majority of people would be fine with little or no encryption. Really, though, who sends their credit card numbers over email? If it's that important, people go to the trouble to figure it out. So, in my view, this is a luxury. People who have a real need for PGP will take the 5 minutes to figure it out. Other people simply don't need the security.
"73% of quotes on the Internet are made up" -Ben Franklin
This looks like it doesn't accomplish significantly more than the existing SMTP option STARTTLS.
People who disagree with you are not automatically evil, greedy, or stupid.
Pine/GnuPG ask me for a passphrase each time I encrypt and/or sign a message. This proves that I originated the message (not just some random punk who broke into my computer) for the purposes of authentication and non-repudiation.
The article and FAQ list were light on technical details, and I don't feel like registering for the actual whitepaper, but: since the aim of this service is to make encryption easy enough for common usage, I highly doubt there will be a passphrase prompt or any other method to ensure that the actual alleged sender is in fact the originator of a message. This seems to be confirmed by the statement that desktop mail clients (e.g. Outhouse) will be somehow directly "integrated" (how's that for nebulous?) with these proxy servers.
Without this precaution, I fail to see how this is anywhere as secure as straight-up PGP/GPG.
We have more to fear from the bungling of the incompetent than from the machinations of the wicked.
My first thought is, "Oh great, that'll just mean you need to trust the server."
But then I started to consider what would happen if a lot of the large domain servers were to start signing their mail automatically with a "Yes this really did go through our mail server" signature.
For one, if every message to come from Yahoo was signed with yahoo's key, you could automatically deny every message from yahoo that didn't have that signature. Think of how much easier spam catching would be.
Joe-jobbing could be reduced. If it comes from Intergalactic Orange Smoothie's DNS address without a signature, you know that somebody's been joe-jobbing Intergalactic Orange Smoothie.
And encryption between known partners could be enforced. So every message between Intergalactic Orange Smoothie and their partners could be encrypted.
Problems are, not everybody's got PGP. So Intergalactic Orange Smoothie can't make every message encrypted. So there still needs to be some user-interaction.
Gentoo Sucks
If this thing sits on each side and seamlessly encrypts/decrypts the mail without user intervention then what is the benefit of using this as opposed to using TLS? TLS provides seamless server-to-server encryption also, but it's free if you are using an open source mail server that supports it, and TLS is already around and widely (albeit not widely enough) supported.
Said companies are going to be the first to go up in arms when a corrupt entity "loses" or "leaks" the keys. And yes, I am extra paranoid ;)
It seems that a device - like the keyfob-sized USB "memory drives" should be nearly enough for any personal use. Ideally there would be some sort of fingerprint or biometric reader in it too, though the existing passphrase mechanism could suffice. Just put your secret key on it and you can take it with you. I guess the problem is keeping random machines from snagging a copy, though, since the same machine you plug the fob in to can also snag your keystrokes and thus your passphrase.
If it's not one thing, it's another.
Assume the encrypting mail server is internal and you use a switched LAN (that helps prevent sniffing). I think the big sell here is to tell the customers that your mail will not leave your company unencrypted onto the Big Evil Internet.
Also you miss the point when you say "access your sensitive data without your permission". If this is in a company, your employer owns the computers, network and ultimately the "sensitive data", not you.
Trolling is a art,
The article states that the network is then responsible for decrypting and encrypting... it has to be clear text someplace on the network to begin with then. Doesn't that defeat the purpose? And, why is this necessary when the future 'ipv6' to be done by 2007 will be completely encrypted anyway (internet version 2 if you will).
What is slashdot?
Yahoo Mail does a superb job of catching spam and scanning for viruses. They also use SSL (optionally) for logging in. If they would just add PGP/GPG to their Mail Plus service, hell, I'd buy it!
The ability to plug-in PGP has been a part of several mail clients for a while... mutt, pine, etc. But, this has been the domain of the "more than casual" user... I would dread explaining to Mom how to setup her private/public keys, let alone why she should use encryption and the dreaded "how does this work" discussion.
;)
There's quite a bit of difficulty, methinks, in adopting this technology at any level the average user is aware of. I mean, the only way I can see wide-spread adoption happening successfully is you don't even let the users know how their mail is being encrypted/decrypted. Otherwise, you leave it open to too much user error: the dreaded "I lost my keys," or "Bob-IT-Guy, can you decrypt this important mail sitting in Sally's inbox... she's on vacation and we need it now!"
You take the (oh... forgive me) Lotus Notes approach (I'm *not* a fan, but I understand this aspect of the software): it can be setup so the encrypt and decrypt happens transparently to the user between Lotus Notes servers. If you had something along this level between mail servers, then you might start getting into secure transmission of e-mail.
Man... there are so many areas to lock-down... while I'm a big fan of PGP, it seems like the whole nature of the e-mail communication system needs to be looked at and (potentially) overhauled. So what if the message is transmitted securely between me sending it and you receiving it? If you do it at a user level, then you need universal support built into all the different mail reader applications. If you do it at the server level, then you need to lock-down the security more tightly at the server level (can your admins read your mail? Sure can! Not that it isn't already that open today). And how are keys managed? And who do you trust? And who manages how public keys get distributed?
Right now, it is all fairly manual (unless the tools have been updated since I last looked at them).
I can hear it now... can... opening... worms... everywhere!
Diplomacy is the art of saying, "Nice doggie!" until you can find a rock.
There is a Client Key Mode that doesn't store the Private key on the PGP server. In this mode the admin can't view your key. Read through all the FAQ's.
I didn't see prices on PGP's site, but I'll wager two cattle it's more than my parents [an ideal audience for `easy crypto'] could afford.
Linux: The world's best text-adventure game.
If you buy Pretty Good Privacy, does that mean you'd shop with a real estate agent who sells pretty good houses? Would you buy a pretty good car from Pretty Good Motors?
Pretty Good ain't good enough for me. I'll take Fuggin' Awesome Privacy, thank you very much.
Fun with Anagarams! LADS HOST, SHALT DOS. HAS DOLTS. AD SLOTHS, HATS SOLD. ASS HO, LTD.
Sounds a lot like what Zixmail (zixcorp.com) and several other companies provide. It would be nice to see some kind of standard emerge that most ISPs offer as a free service -- StartTLS/SSL to an SMTP server, which then looks at a special header or whatnot and contacts a global database of IDs/Keys (e.g.: like DNS for domain names). Problem is that it requires a lot of people to all make up their mind a certain way and it's going to take some time.
Many of the standards of today (DNS/SMTP/etc.) came about while the Internet was a comparatively homogenous collection of universities, government and military sites mostly in English-speaking countries, with little or no commercial interest.
Nowadays I'm less confident in the RFC process -- clearly it is still there and still works, but as the Internet has grown, so has the time for a convergence on new and important standards. Case in point: IPv6 -- it's been around for years, but few sites have actually made the leap.
"But actually trying to use m4 as a general-purpose langage would be deeply perverse" --ESR
Doesn't Anubis do this already? Why would anybody implement something like this, when a free alternative exists.
http://www.gnu.org/software/anubis/
Not to mention it has many more features than this, and no NSA Backdoors =)
-miah
As much of a POS that GroupWise is, it can be set up to generate keypairs for users and be automatically inserted into their clients. You could then make default the option to sign every message and leave it up to them to use encryption. Of course, I doubt most corporate users use passwords that are strong enough to deny someone access to the system, which would then give you access to the private key[s] of the compromised user. Still, it's there.
Linux: The world's best text-adventure game.
Sendmail and Postfix support it, and generating self-signed certificates is not even difficult.
Got this e-mail this morning...
Dear PGP Customer:
We are pleased to announce the shipment of PGP(r)Universal.
Thank you for purchasing products from PGP Corporation. Over the last year, we have met with customers around the world to help us design a new generation of security products. Our goal was to take trusted PGP technology and deploy it in a way that would allow customers to finally secure all their electronic assets.
The result is PGP Universal, a new architecture and product family deploying proven PGP technology at the network level, making email security both automatic and requiring no user intervention. By combining a self-managing security architecture with the proxying of standard email protocols, PGP Universal enables customers to achieve measurable email security.
In customer meetings it became clear PGP Universal must meet the needs of five groups:
- Executives that want to comply with regulations and minimize risk
- Business units that must communicate privately and securely with customers and partners
- Security groups that must enforce and measure email security
- IT organizations that don't want to change their processes or integrate new technologies
- Users who just want to do their jobs
PGP Universal was built with these needs in mind. It offers:
- Automatic key generation and life cycle management
- Central and uniform security policy control
- Policy enforcement on both inbound and outbound email messages
- Automatic and transparent operation to users
- Automatic and transparent operation to the network
- Easy and incremental deployment
- Practical and cost-effective to secure everything?
- Full compatibility with existing PGP Desktop products
PGP Universal is available immediately for purchase or customer evaluation. An FAQ and white paper with detailed information are available at www.pgp.com/universal.
Information is also available at www.pgp.com, from your PGP sales representative, or a PGP Certified Solution Provider.
Thank you for your interest in PGP products.
Sincerely,
Andrew Krcik
Vice President, Marketing and Products
PGP Corporation
Hushmail has a patent (US6154543) on any kind of scheme with server based private key management.
No, the security here is by running SSL between the client and the PGP Universal server. RTFA
Don't most organizations do this sort of thing with LDAP already?
Conformity is the jailer of freedom and enemy of growth. -JFK
This is a thing for corporations. Private email-crypting will continue to suck big time until PGP/Mime and all that stuff become standard functions in KMail and Thunderbird and don't require some ominous compiling/installing of shoddy beta plugins or a five week full-time training in exim and mutt configuration.
We suffer more in our imagination than in reality. - Seneca
"i don't have any of that. it's too confusing".
"I don't have any of that. We broke it ten years ago and have our own in-house algos. But if I told you that, I'd have to kill you."
I hereby place the above post in the public domain.
The spam can't be scanned while in PGP form, and according to their diagram it won't be decrypted until AFTER hitting the mail server.
I suppose one point up for security, one point down for preventing spam :(
Can I please make some money, too, by using SSL for some previously plain text protocol and serving as a certifying authority between any two parties?
"Provided by the management for your protection."
Personally, I'm just going to use jwz's new script for all my communications:
Aoccdrnig to rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer be at the rghit pclae. The rset can be a total mses and you can sitll raed it wouthit a porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe."
http://jwz.livejournal.com/256229.html
It certainly isn't a universal solution but it's definitely a solution for some problems.
For example, if this is utilized by a company or an ISP, your email never hits the 'net unencrypted. Certainly, there are people who still have access to the email in its unencrypted form. I wouldn't use a system like this to transmit the names of the Colonel's eleven herbs and spices. But it does bring email a bit closer to snail mail.
How much security does an envelope provide? Anyone who gets their hands on it can easily open it. But it's certainly more comfortable than sending a postcard.
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
Ever since US NSA money polluted PGP it's bad to trust anything labelled 'PGP' for any reason.
C T= 104&STORY=/www/story/04-09-2001/0001464825&EDA TE=
NAI admitted they took significant funding for engineering work while they owned PGP trademark.
NAI does not deny this.
They do deny the NSA money resulted in holes, yet we all know PGP was tampered with at least once to allow a third party to be silently attached to a pgp email.
NAI claimed that the funding mostly went to a linux group formerly called TIS Labs but that is not wholly true.
here is just one press release exposing the payoffs for tampering with PGP earlier for "national security" of USA
http://www.prnewswire.com/cgi-bin/stories.pl?AC
(excuse spaces slashcode may have added. the link without tampered 'spaces' works, i just checked it. silly slashcode).
regrettably source code to PGP 5 and up to 6.5.8 contain faulty message recovery features ADK (Additional Decryption Key), or ARR (Additional Recipient Request)
it is a serious problem, one of many and the CERT advisory for this pgp exploit is available here
http://www.cert.org/advisories/CA-2000-18.html
(excuse spaces slashcode may have added to the url,usually only after 80 character though)
pgp is discredited on many levels but the main reason pgp is not widely used is because NAI never ever ever gave out free source code to the integration parts to integrate with popular email programs (outlook on pc and mac, claris email on mac, netscape email, etc etc).
without the integration, you have to copy to ram clipboard, swap tasks, use the tool, open a text document, after decrypting you then paste into ram based document, (if vm is off), and then read the mail. messy.
people want macintosh-windows ease of use pioneered by the lisa since sept 1982, twenty years ago : GUI !
people want a gui way of doing it and the free pgpclones and the con-scam pgp of 2003 just do not get it.
the reason people do not use pgp is because
1> it's not full source code available in the most pleasing versions ever released
2> it's not free for companies to use
3> it's tampered by nsa money and now needs a full code audit or else reversion back to pre 5.0 version.
4> RSA key patent expired long ago and rsa is better but pig-headed code monkeys refuse to use rsa as preferred technology for no reason other than arrogance and it leaves a sour taste in most gurus' mouths to forsake rsa for no valid reason in 2003.
pgp is dead and greed killed it off. greed greed greed (and a little nsa nro involvement)
For those who don't know, Phil stated when he left that every PGP product released while he was there contained no hidden back doors. Knowing that companies like PGP were being pressured, it makes me think the creative differences were them wanting to build something in that he thought shouldn't be in.
LordBodak's journal.
They seem to support POP3. That means that all the e-mail that someone receives is in plaintext on his hard disk. Not very secure!
For this approach to work, someone would have to BCC himself instead of putting a copy in the sent folder to keep the e-mail he sent. Also, it can be secure only if using IMAP (mail stays on server) and the folder used as the IMAP cache on the computer should be encrypted.
I don't know what their target market is. Most large corporations use Notes or Exchange, which already support encryption.
Actually, I've been playing with Thunderbird, and setting up encryption is pretty damn easy.
I work for a fairly "hip" company (IBM) and we have this nifty website you can go to, fill out a form, and they send you a nice little PKCS#12 file, signed by a real root cert and everything. To use this with Thunderbird, all you have to do is: "Manage Certificates" -> "Import" -> (password) -> done.
Of course, if you want to generate your own keys, that's a little harder, but nothing a simple script couldn't be created to do.
You should try KDE's KMail with gpg integration.
It is milk-simple and as easy to use as a nipple.
-I like my women like I like my tea: green-
I agree with you, and because of their installed base it would be possible for them to make encryption a default for the majority of the population. This is critical for generating a critical mass that is needed to be able to sustain encryption as a routine practice.
Trying to send encrypted files all of a sudden to a few people somehow seems to give the wrong impression, because it seems that you have something to hide. It is as if your communication stands out as a needle in the haystack, and someone using a "magnet" can just suck you off the system ....
But, if Yahoo, hotmail, etc started encrypting by default, then a huge number of emails, I believe enough for the critical mass, shall use encryption. And so now your desire to send encrypted encryption is no longer looked at with suspicion. You are now like hay in a hay stack and no magnet can suck you off the system ...
So, I believe, in the spirit of Standing Up against such obscenities as the Patriot Act, companies like Yahoo.com, M$ Hotmail.com, Mail.com, Verizonmail.com, Myrealbox.com, etc. should start providing encryption by default.
It is the "right" thing to do.
To see a world in a grain of sand, and then to step back and see the beach where the sand lies
A simple, yet very secure solution already exists:
http://www.hushmail.com/
Can't say enough about this free service. It simply rocks.
why my opinion matters: i have actually used this software as an end user. i have no affiliation with pgp corp. i just got a beta download and a manual, and sorted it out on my own.
let me try to describe how it works. i'm no expert, but i think that might be a good thing in this context.
say you and i are on the same mail server, using the pgpu proxy. i send you a mail. the server says "hey, me@domain.com has no keypair". "me" has authenticated to the smtp server to send the mail, so we're going to trust "me" and generate a key pair. another will be generated for "you". when "you" check mail, it trusts you based on the imap authentication, and decrypts the mail. ultimately, the "passphrase" on the keys is the imap/smtp authentication.
this gets you encryption that took 0 effort on the users' parts, no effort on the part of the administrators beyond the initial server setup.
the user can't forget to encrypt.
you are no less secure than before, as you are still trusting based on imap/smtp authentication. but now the messages are stored encrypted on your normal mail server.
should your server get rooted, the messages aren't readable.
or if an it person with root on the mail server decides to poke at the ceo's mail, it won't be as easy (especially if that person isn't an admin on the pgpu machine).
since this is just a proxy, it can be dropped in seamlessly with a simple dns change, so you don't need to change your clients. assuming they are all using SSL already, you're done. if they aren't on ssl, there is a windows client that can be installed via active directory that will secure the desktop -> server connection. or you can just tick the "use ssl" box in any decent mailer. since it is a standard protocol, the client app doesn't matter, leaving you free to use mac/windows/linux/whatever. in my testing, the clients were macs running apple's mail.app.
it took me about 20 minutes to get it set up and working in the lab for internal mail encryption/signing. that includes installing the software.
the installer is an appliance type thing: boot off the cd, install, reboot, you're done.
regarding the keys all in one basket, there is a backup facility built in to the software to make sure you have your keys in the event of a failure.
i haven't done anything with sending mail to external users (outside of your company), so i can't say anything for/against it.
all in all, i think it's a pretty neat product. i actually don't know a thing about the pricing, but it brings value for a low admin overhead.
new outlook viruses to be safely encrypted all the way to my local mailserver!
I did read it, but will admit that I didn't fully understand the scope of your suggestions.
Basically it comes down to somehow requiring that every "perhaps" in my example is SSL'd.
The problem is that it is extremely difficult to do so. Alice has no control over what POP or IMAP software gets used within bob.org, nor should she.
Even if a mailserver requires TLS when accepting mail, you have no assurance that it will require TLS when sending the message on its next hop. Unless some global agency forced all public mailservers to run a particular set of software configured in a specific way, and had some DRM-like way to ensure that they haven't been changed, this really is impossible to implement or enforce.
It's more implementable, and more in the general Internet spirit, to use something like PGP to handle your security and authentication on the client end, because then you don't have to rely on every server between you and your destination (most of which will be outside of your control) to do the right thing encryption-wise.
That said, I'd certainly like to see some way to get back to a world where you could trust a mailserver to be who it said it was. Certainly, if everyone had a proper server certificate, and if every server required incoming connections to be from a server with a valid certificate or an authenticated user, we'd be there. I just don't see an easy way to get there from here...
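The per-hop nature of TLS described in the comment above can be observed on delivered mail: each server records in its `Received` header the protocol keyword it accepted the message with. An added example, not part of the original thread; the message and hostnames are constructed, and the keyword set follows RFC 3848.

```python
import email
import re
from email import policy

# RFC 3848 "with" keywords that record a TLS-protected SMTP/LMTP session.
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message (hostnames and addresses are documentation
# values). Servers prepend Received headers, so the newest hop comes first.
SAMPLE = """\
Received: from mx.bob.example (mx.bob.example [192.0.2.10])
\tby imap.bob.example with ESMTP id C3;
\tMon, 15 Sep 2003 10:00:03 -0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby mx.bob.example with ESMTPS id B2;
\tMon, 15 Sep 2003 10:00:02 -0000
Received: from alice-laptop (unknown [203.0.113.5])
\tby relay.isp.example with ESMTPSA id A1;
\tMon, 15 Sep 2003 10:00:01 -0000
From: alice@alice.example
To: bob@bob.example
Subject: constructed test

body
"""


def strip_comments(value):
    """Remove (possibly nested) parenthesised comments, innermost first.

    Without this, a comment such as "(using TLSv1.2 with cipher ...)" would
    be mistaken for the "with <protocol>" clause.
    """
    previous = None
    while previous != value:
        previous = value
        value = re.sub(r"\([^()]*\)", " ", value)
    return value


def hops(raw_message):
    """Return [(receiving_host, protocol, used_tls)] in delivery order."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    result = []
    # reversed(): oldest hop first, matching the path the mail travelled.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(strip_comments(str(header)).split())
        text = text.split(";", 1)[0]          # drop the trailing timestamp
        by = re.search(r"\bby\s+(\S+)", text)
        proto = re.search(r"\bwith\s+(\S+)", text)
        keyword = proto.group(1).upper() if proto else None
        result.append((by.group(1) if by else None,
                       keyword,
                       keyword in TLS_KEYWORDS))
    return result


def plaintext_hops(raw_message):
    """Hosts that accepted the message without recording TLS.

    A missing or unknown keyword is treated as not protected. Headers added
    by servers outside your control can be forged, so only the hops written
    by your own infrastructure are trustworthy evidence.
    """
    return [host for host, _, tls in hops(raw_message) if not tls]


if __name__ == "__main__":
    for host, keyword, tls in hops(SAMPLE):
        print(f"{host:22} {keyword or '-':8} {'TLS' if tls else 'NOT PROTECTED'}")
```

The final POP/IMAP download to the recipient's client never appears in these headers, so a fully "green" path still says nothing about that last leg.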
There's a constant drive to dumb things down, make them easier to use without any kind of understanding about what is going on under the hood.
This is good in some areas. People don't need to understand how their word processor or web-browser works. So long as it works, they can use it effectively.
In the case of information security, it's dangerous. If people use encryption without at least some understanding of security, they won't use it effectively. But they will believe they are safe, because they clicked the "encrypt my e-mail" button.
Surely the real solution isn't to dumb down the software, it's to smarten up the users. Pretty much everyone who really needs encryption is capable of understanding enough of the issues around computer security and use existing software to secure their e-mail. People need to accept that computer security is a complex thing, and like all complex things, you can't do them without at least a bit of homework.
Smart cards won't make PGP that much easier to use. Read "Why Johnny Can't Encrypt" for some sobering facts about how hard it is to just get PGP set up right.
Regardless of the technical merits of this server-based approach, no one solution (particularly not a costly one) will lead to the widespread adoption of email encryption. Which is why I'm happy that IMP (part of HORDE) is integrating PGP into their latest release of their open source web-based email program. I've used IMP for years on a small server, but I have also seen it deployed by a large University, and can say that the only thing it lacked until now is integrated encryption. Hopefully, we will see this type of integration in many web-based email programs (encrypting a message to a Hotmail user, anyone?).
cryptbox
This has already been done. All one needs to do is generate a set of keys and send from end user to end user. The thing that is so interesting is that the mail server is supposedly encrypting this as well. Why don't they just use a NES (network encryption system) that can have umpteen connections or a TACLANE that can have up to 6 connections while using hardware encryption? Combine a system like that with an eprom usb device that has the private key on it and the public key on one of many publicly accessible ldap servers and you're set. Just have the email programs check one of the mirrors for a valid key, and off goes your email. You just have to make sure you log in to your eprom. 128 bit encryption is not hard on massive networks, it's getting it to be accepted by the home user that you can't control that is going to be the issue. Make the eprom a package deal with your isp connections, and you're set. Get a net connection, get a usb token that encrypts your email for you automagically. DoD has been doing that crap for years, just do a google search on DMS (defense messaging system). You shouldn't be able to get down to the nitty gritty, but you should be able to get an idea.
Stop signs are only Suggestions
- Something you have
- Something you know
- Something you are
The combination of the keyfob, the biometric, and a password is as good as it gets. To really do it up right, the keyfob has male and female USB ends, which allows the 'connect the keyfobs to trade public keys' and also would allow a USB keyboard to connect through the keyfob, so that it could do the password part without passing the keystrokes on to the computer (that might have a keylogger installed).
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.