Slashdot Mirror
PGP Universal - Usable Email Security?
An anonymous reader writes "For years, noted cypherpunks such as Brad Templeton, Ian Goldberg (PDF link), Bram
Cohen, and Len
Sassaman (PDF link) have been calling for easy to use email encryption solutions
which involve little crypto comprehension on the part of the user. Now, it seems like someone has listened: PGP
Corporation has announced its PGP Universal, which says it 'shifts the burden of securing email
messages and attachments from the desktop to the network in a way that is
automatic and entirely transparent to users'." The Register has more information on these newly announced proxy servers.
shifts the burden of securing email messages and attachments from the desktop to the network in a way that is automatic and entirely transparent to users'
If you think that letting the powers that be implement our security by shifting the responsibility for encryption to them is going to make us take off our tin foil hats then you have another thing coming o.0 Methinx that if anything this will make me consider constructing a newer, stronger hat.
This looks a lot like what the company I work for does.
(A box/infrastructure) that does the crypto/key management for you)
If someone really needs to use PGP security, which is almost unbreakable, they would figure out how to use existing programs. Most potential customers for this program have no need for it; the vast majority of people would be fine with little or no encryption. Really, though, who sends their credit card numbers over email? If it's that important, people go to the trouble to figure it out. So, in my view, this is a luxury. People who have a real need for PGP will take the 5 minutes to figure it out. Other people simply don't need the security.
"73% of quotes on the Internet are made up" -Ben Franklin
Pine/GnuPG ask me for a passphrase each time I encrypt and/or sign a message. This proves that I originated the message (not just some random punk who broke into my computer) for the purposes of authentication and non-repudiation.
The article and FAQ list were light on technical details, and I don't feel like registering for the actual whitepaper, but: since the aim of this service is to make encryption easy enough for common usage, I highly doubt there will be a passphrase prompt or any other method to ensure that the actual alleged sender is in fact the originator of a message. This seems to be confirmed by the statement that desktop mail clients (e.g. Outhouse) will be somehow directly "integrated" (how's that for nebulous?) with these proxy servers.
Without this precaution, I fail to see how this is anywhere as secure as straight-up PGP/GPG.
We have more to fear from the bungling of the incompetent than from the machinations of the wicked.
Did you read the article? It says: "Transmissions between a client machine and PGP can themselves be encrypted using SSL."
So transport between client and proxy can (and should) be secured. Of course you'll need appropriate authentication mechanisms at the client end to make sure the client is trusted, but as long as you trust SSL the actual data transmission itself shouldn't present a problem.
My first thought is, "Oh great, that'll just mean you need to trust the server."
But then I started to consider what would happen if a lot of the large domain servers were to start signing their mail automatically with a "Yes this really did go through our mail server" signature.
For one, if every message to come from Yahoo was signed with yahoo's key, you could automatically deny every message from yahoo that didn't have that signature. Think of how much easier spam catching would be.
Joe-jobbing could be reduced. If it comes from Intergalactic Orange Smoothie's DNS address without a signature, you know that somebody's been joe-jobbing Intergalactic Orange Smoothie.
And encryption between known partners could be enforced. So every message between Intergalactic Orange Smoothie and their partners could be encrypted.
Problems are, not everybody's got PGP. So Intergalactic Orange Smoothie can't make every message encrypted. So there still needs to be some user-interaction.
Gentoo Sucks
It seems that a device - like the keyfob-sized USB "memory drives" should be nearly enough for any personal use. Ideally there would be some sort of fingerprint or biometric reader in it too, though the existing passphrase mechanism could suffice. Just put your secret key on it and you can take it with you. I guess the problem is keeping randome machines from snagging a copy, though, since the same machine you plug the fob in to can also snag your keystrokes and thus your passphrase.
If it's not one thing, it's another.
But you're still not secure between the client and the proxy as far as network transport is concerned...
Sure you are. SSL, as described in the posted links.
A more pertinent question might be, what about all those private keys sitting on the server? How do you get the signing and non-repudiation advantages of PGP if the user doesn't hold the key, but rather depend on a shared server?
In the end, given the usability issues that even security professionals have with PGP, this can only help spread encryption down to some end-user masses. And that's a good thing, as long as the certificate store isn't trivially crackable or foolable.
Assume the encrypting mail server is internal and you use a switched LAN (that helps prevent sniffing). I think the big sell here is to tell the customers that your mail will not leave your company unencrypted onto the Big Evil Internet.
Also you miss the point when you say "access your sensitive data without your permission". If this is in a company, your employer owns the computers, network and ultimately the "sensitive data", not you.
Trolling is a art,
The article states that the network is then responsible for decrypting and encrypting... it has to be clear text someplace on the network to begin with then. Doesn't that defeat the purpose? And, why is this necessary when the future 'ipv6' to be done by 2007 will be completely encrypted anyway (internet version 2 if you will).
What is slashdot?
This looks like it doesn't accomplish significantly more than the existing SMTP option STARTTLS.
It does. The classic problem with STARTTLS is that it isn't end-to-end encryption - there is no guarantee that your mail server will use STARTTLS for the next hop, or that the recipient will use (SIMAP, POP+STARTTLS, whatever) to download it from their mail server.
With this solution, the first hop is encrypted with SSL (just like STARTTLS) and after that the message itself is encrypted/signed, and any MTA hops beyond that don't need to be encrypted if the message is.
Yahoo Mail does a superb job of catching spam and scanning for viruses. They also use SSL (optionally) for logging in. If they would just add PGP/GPG to their Mail Plus service, hell, I'd buy it!
The ability to plug-in PGP has been a part of several mail clients for a while... mutt, pine, etc. But, this has been the domain of the "more than casual" user... I would dread explaining to Mom how to setup her private/public keys, let alone why she should use encryption and the dreaded "how does this work" discussion.
;)
There's quite a bit of difficulty, methinks, in adopting this technology at any level the average user is aware of. I mean, the only way I can see wide-spread adoption happening successfully is you don't even let the users know how their mail is being encrypted/decrypted. Otherwise, you leave it open to too much user error: the dreaded "I lost my keys," or "Bob-IT-Guy, can you decrypt this important mail sitting in Sally's inbox... she's on vacation and we need it now!"
You take the (oh... forgive me) Lotus Notes approach (I'm *not* a fan, but I understand this aspect of the software): it can be setup so the encrypt and decrypt happens transparently to the user between Lotus Notes servers. If you had something along this level between mail servers, then you might start getting into secure transmission of e-mail.
Man... there are so many areas to lock-down... while I'm a big fan of PGP, it seems like the whole nature of the e-mail communication system needs to be looked at and (potentially) overhauled. So what if the message is transmitted securely between me sending it and you receiving it? If you do it at a user level, then you need universal support built into all the different mail reader applications. If you do it at the server level, then you need to lock-down the security more tightly at the server level (can your admins read your mail? Sure can! Not that it isn't already that open today). And how are keys managed? And who do you trust? And who manages how public keys get distributed?
Right now, it is all fairly manual (unless the tools have been updated since I last looked at them).
I can hear it now... can... opening... worms... everywhere!
Diplomacy is the art of saying, "Nice doggie!" until you can find a rock.
There is a Client Key Mode that doesn't store the Private key on the PGP server. In this mode the admin can't view your key. Read through all the FAQ's.
I didn't see prices on PGP's site, but I'll wager two cattle it's more than my parent's [an ideal audience for `easy crypto'] could afford.
Linux: The world's best text-adventure game.
The STARTTLS option to SMTP simply requests that your SMTP communication be done through an encrypted tunnel. It does nothing to help establish the authenticity or security of a message, which is what PGP's software is primarily about.
If I understand things correctly, using this server a company could set things up so that all outgoing emails are digitally PGP-signed with an appropriate corporate or user key. You could also set it up so that all emails stored on your servers are stored encrypted... the proxy transparently decrypts them for the client.
They talk a lot about "enforcing policy", which might include things like encrypting communications with certain vendors, signing all communications or communications of a certain nature, encrypting all communications against a corporate key as well as the recipient's, etc.
It looks like it provides a very useful function for an enterprise, without forcing your collaborators to purchase the same technology (as the output is normal, standard PGP encrypted and/or signed documents).
If you buy Pretty Good Privacy, does that mean you'd shop with a real estate agent who sells pretty good houses? Would you buy a pretty good car from Pretty Good Motors?
Pretty Good ain't good enough for me. I'll take Fuggin' Awesome Privacy, thank you very much.
Fun with Anagarams! LADS HOST, SHALT DOS. HAS DOLTS. AD SLOTHS, HATS SOLD. ASS HO, LTD.
Doesn't Anubis do this already? Why would anybody implement something like this, when a free alternative exists.
http://www.gnu.org/software/anubis/
Not to mention it has many more features than this, and no NSA Backdoors =)
-miah
Got this e-mail this morning...
Dear PGP Customer:
We are pleased to announce the shipment of PGP(r)Universal.
Thank you for purchasing products from PGP Corporation. Over the last year, we have met with customers around the world to help us design a new generation of security products. Our goal was to take trusted PGP technology and deploy it in a way that would allow customers to finally secure all their electronic assets.
The result is PGP Universal, a new architecture and product family deploying proven PGP technology at the network level, making email security both automatic and requiring no user intervention. By combining a
self-managing security architecture with the proxying of standard email protocols, PGP Uiversal enables customers to achieve measurable email security.
In customer meetings it became clear PGP Uiversal must meet the needs of five groups:
- Executives that want to comply with rgulations and minimize risk
- Business units that must communicate privately and securely with customers and partners
- Security groups that must enforce and measure email security
- IT organizations that don't want to change their processes or integrate new technologies
- Users who just want to do their jobs
PGP Universal was built with these needs in mind. It offers:
- Automatic key generation and life cycle management
- Central and uniform security policy control
- Policy enforcement on both inbound and outbound email messages
- Automatic and transparent operation to users
- Automatic and transparent operation to the network
- Easy and incremental deployment
- Practical and cost-effective to secure everything?
- Full compatibility with existing PGP Desktop products
PGP Universal is available immediately for purchase or customer evaluation. An FAQ and white paper with detailed information are available at www.pgp.com/universal.
Information is also available at www.pgp.com, from your PGP sales representative, or a PGP Certified Solution Provider.
Thank you for your interest in PGP products.
Sincerely,
Andrew Krcik
Vice President, Marketing and Products
PGP Corporation
No, the security here is by running SSL between the client and the PGP Universal server. RTFA
"i don't have any of that. it's too confusing".
"I don't have any of that. We broke it ten years ago and have our own in-house algos. But if I told you that, I'd have to kill you."
I hereby place the above post in the public domain.
The spam can't be scanned while in PGP form, and according to their diagram it won't be decrypted until AFTER hitting the mail server.
I suppose one point up for security, one point down for preventing spam :(
Personally, I'm just going to use jwz's new script for all my communications:
Aoccdrnig to rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer be at the rghit pclae. The rset can be a total mses and you can sitll raed it wouthit a porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe."
http://jwz.livejournal.com/256229.html
It certainly isn't a universal solution but it's definitely a solution for some problems.
For example, if this is utilized by a company or an ISP, your email never hits the 'net unencrypted. Certainly, there are people who still have access to the email in its unencrypted form. I wouldn't use a system like this to transmit the names of the Colonels eleven herbs and spices. But it does bring email a bit closer to snail mail.
How much security does an envelope provide? Anyone who gets their hands on it can easily open it. But it's certainly more comfortable than sending a postcard.
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
For those who don't know, Phil stated when he left that every PGP product released while he was there contained no hidden back doors. Knowing that companies like PGP were being pressured, it makes me think the creative differences were them wanting to build something in that he thought shouldn't be in.
LordBodak's journal.
why my opinion matters: i have actually used this software as an end user. i have no affiliation with pgp corp. i just got a beta download and a manual, and sorted it out on my own.
let me try to describe how it works. i'm no expert, but i think that might be a good thing in this context.
say you and i are on the same mail server, using the pgpu proxy. i send you a mail. the server says "hey, me@domain.com has no keypair". "me" has authenticated to the smtp server to send the mail, so we're going to trust "me" and generate a key pair. another will be generated for "you". when "you" check mail, it trusts you based on the imap authentication, and decrypts the mail. ultimately, the "passphrase" on the keys is the imap/smtp authentication.
this gets you encryption that took 0 effort on the users' parts, no effort on the part of the administrators beyond the initial server setup.
the user can't forget to encrypt.
you are no less secure than before, as you are still trusting based on imap/smtp authentication. but now the messages are stored encrypted on your normal mail server.
should your server get rooted, the messages aren't readable.
or if an it person with root on the mail server decides to poke at the ceo's mail, it won't be as easy (especially if that person isn't an admin on the pgpu machine).
since this is just a proxy, it can be dropped in seamlessly with a simple dns change, so you don't need to change your clients. assuming they are all using SSL already, you're done. if they aren't on ssl, there is a windows client that can be installed via active directory that will secure the desktop -> server connection. or you can just tick the "use ssl" box in any decent mailer. since it is a standard protocol, the client app doesn't matter, leaving you free to use mac/windows/linux/whatever. in my testing, the clients were macs running apple's mail.app.
it took me about 20 minutes to get it set up and working in the lab for internal mail encryption/signing. that includes installing the software.
the installer is an appliance type thing: boot off the cd, install, reboot, you're done.
regarding the keys all in one basket, there is a backup facility built in to the software to make sure you have your keys in the event of a failure.
i haven't done anything with sending mail to external users (outside of your company), so i can't say anything for/against it).
all in all, i think it's a pretty neat product. i actually don't know a thing about the pricing, but it brings value for a low admin overhead.