New Global Directory of OpenPGP Keys

Gemini writes "The PGP company just announced a new type of keyserver for all your OpenPGP keys. This server verifies (via mailback verification, like mailing lists) that the email address on the key actually reaches someone. Dead keys age off the server, and you can even remove keys if you forget the passphrase. In a classy move, they've included support for those parts of the OpenPGP standard that PGP doesn't use, but GnuPG does."

about time

[gsiebrecht]

finally

Re:about time

[SpaceLifeForm]

Yes, it will be about time. As in how much time is needed to access the keyserver.
/.-ed already. Of course it is beta, perhaps they just wanted a stress test.

Widespread Crypto Revolution?

[c0dedude]

With the minor computational cost of crpto and the avalability of public keys, will all network traffic move toward crypography?

Re:Widespread Crypto Revolution?

[Luigi30]

Yes... until some government makes encryption illegal because it evades wiretaps (they're trying, believe me...).

Re:Widespread Crypto Revolution?

No. People are lazy.

Re:Widespread Crypto Revolution?

[jdludlow]

Is there any way to acutally prove that a message is encrypted, as opposed to being just random garbage data that two people happened to mail to each other?

I realize that the chances of a judge buying this is going to be small, but is there a defense there? Wouldn't someone have to be able to produce the plaintext first, before they could claim that you were trying to send encrypted messages?

Re:Widespread Crypto Revolution?

[cain]

Random garbage might be compressable. (But not if it was perfectly random garbage, mind you.) Encrypted data does not compress. Not much of an argument, but there it is.

Re:Widespread Crypto Revolution?

[I+confirm+I'm+not+a]

I realize that the chances of a judge buying this [suspected encrypted data is "really" random garbage] is going to be small

Not if you can prove that you frequently send out random, garbage, data. It'll have the nice side-effect of making traffic analysis harder, too.

...but you didn't hear that from me, right?!

Re:Widespread Crypto Revolution?

[m50d]

pgp messages tend to start with "------BEGIN PGP ENCRYPTED MESSAGE-----" or something similar, or else are encrypted files with the .pgp extension and well known magic numbers at the start. Now ok this is not 100% proof, but it's certainly the balance of probabilities, and might well suffice for beyond reasonable doubt.

Re:Widespread Crypto Revolution?

[jdludlow]

That's just a convenience for the software though. You aren't required to send the "---BEGIN PGP ENCRYPTED MESSAGE---" part if you don't want to. As long as your recipient still knows what to do with the message you can communicate.

Re:Widespread Crypto Revolution?

[kkovach]

Not if the damn key server is slashdoted! :-)

- Kevin

Re:Widespread Crypto Revolution?

[sunya]

So take random garbage and encrypt it. best of both worlds :)

Re:Widespread Crypto Revolution?

[maxwell+demon]

Well, then they'll make sending random data illegal as well.

However you could take your encrypted data and hide it in non-encrypted data (steganography). After all, they will first have to find out that all your holiday pictures are not really sent for sharing them, but actually in order to hide some encrypted messages inside.

Re:Widespread Crypto Revolution?

[Frank+T.+Lofaro+Jr.]

Ab, V qba'g guvax pelcgbtencul jvyy rire pngpu ba. :)

Re:Widespread Crypto Revolution?

[SpaceLifeForm]

Well, then they'll make sending random data illegal as well.

Then how will anyone post?

Re:Widespread Crypto Revolution?

[Frank+T.+Lofaro+Jr.]

Not if you can prove that you frequently send out random, garbage, data.

Well, we know the RIAA and MPAA members should be safe then. ;)

Re:Widespread Crypto Revolution?

[Lord+Kano]

In places where the attempt is made to appear to be a free society (like USA, Canada, EU) sure you might be able to try that, but if you're in China or someplace like that you'd be risking a bullet in the back of your head.

For a places like that, we'll need steganography so that people can securely transmit data while pretending to do nothing out of the ordinary.

LK

Re:Widespread Crypto Revolution?

[B'Trey]

Defeats the purpose, as the whole point is to say that you're NOT sending encrypted information.

Random garbage wouldn't compress well anyway, for the same reason that encrypted data doesn't compress well - a lack of repeated senquences. It would be trivial to write a program that produces pseudo- or near-random garbage that will not compress.

However, it isn't at all certain that this would be beneficial to GPs purpose. There are ways to measure the amount of entropy in a string, and I'm not at all certain that it would be similar in an encrypted message and a random string. (I'm not an expert in this field, so I'm talking at the peripherals of my knowledge.)

Re:Widespread Crypto Revolution?

[Tanktalus]

Ok, so I realise that at least 70% of the /. users will figure this out... so this is in part for the other 30%, and in part because I'm just being stupid. Using a bit of cut&paste with the tr command, I un-rot13'd this:

$ echo "Ab, V qba'g guvax pelcgbtencul jvyy rire pngpu ba" | tr n-za-mN-ZA-M a-zA-Z
No, I don't think cryptography will ever catch on

Stupid me ... I thought that tr was telling me something - took a second glance to realise that it was the un-rot13'd message...

Re:Widespread Crypto Revolution?

> Well, then they'll make sending random data illegal as well.

But that would meed that most Slashdot posts and Fox News would be declared illegal!

Re:Widespread Crypto Revolution?

[yack0]

Lbh pbhyq unir fbzrguvat gurer. Uez....

Re:Widespread Crypto Revolution?

[rxmd]

The better the encryption, the less it will be discernible from random data. (Same with compression, BTW. It's all about entropy.)

Re:Widespread Crypto Revolution?

i think you have your ratios reversed :)

Re:Widespread Crypto Revolution?

[Muddles]

Without getting too far off topic, I think they just solve it using some good solid law writing skills. If they're outlawing encryption chances are the deffinition will be "stuff we cant see" and it will be like the british laws you must make a reasonable effort to produce the means to read them. Also, if the "well known magic numbers" were so well known and I was knowingly sending encrypted info and I didn't want the govt. to see I would start stripping them off the front and putting them back on at the other side. I'd also think about doing something a little more stealth and less trackable than emailing the file. Emails stick around on servers and backups for a long time. If it's gone, encrypted or not they cant read it.

Re:Widespread Crypto Revolution?

[hey!]

Actually, by definition, "random" garbage should not be compressable.

Re:Widespread Crypto Revolution?

[hey!]

My guess is that it would not in the general case be provable. However, I imagine that it may be possible in some instances to show a particular cipher could not produce a particular string of characters. For a very simple example, suppose a cipher compresses 512 bit blocks. If a putative ciphertex is not some multiple of 64 bytes, it didn't come from that cipher.

It may be possible in some cases to show by some kind of mathematical analysis that a particular ciphertext could not be produced by a particular cipher, other than the kind of silly case I've noted above, but I'd expect that such cases are rare.

In any case, if you were going to transmit some random "chatter" to throw off your opponent, it would certainly be best to produce a random string and then encrypt it. This will produce the most authentic looking output.

Re:Widespread Crypto Revolution?

"Is there any way to acutally prove that a message is encrypted, as opposed to being just random garbage data that two people happened to mail to each other?"

Lookup "chaffing" to see that that can become quite a complex question.

For example, if I send a plaintext message and sign it, it's not encrypted. But if I send a million random plaintext messages and sign just one of them correctly, is that encrypted? And if you aggregate my messaages with your own random plaintext messages, we're getting plenty of security already, even though nobody has encrypted anything.

Consider for example, sending 255 messages per character you want to send, each containing one byte of text, one of which is validly signed, and the others are invalidly signed. You've sent the message in plaintext, but it can't be read without a key.

So yep, send plenty of random garbage data, preferably with marutuku partitions inside - from the looks of my inbox, you won't be the only one randomly generating gibberish.

Re:Widespread Crypto Revolution?

AVIs and MP3s don't compress much.
Encrypted data can be reprocessed to be compressible if you really want.

Please try again.

Re:Widespread Crypto Revolution?

[GrenDel+Fuego]

Encrypted data doesn't compress because it is ALREADY compressed during the encryption process.

Just compress your random data, and boom, there you go. And you don't have the issue of encrypted garbage being illegal as well like someone else mentioned.

Re:Widespread Crypto Revolution?

[PeeCee]

suppose a cipher compresses 512 bit blocks. If a putative ciphertex is not some multiple of 64 bytes, it didn't come from that cipher

That's an interesting idea, but it's very subject to the details of the implementation. However, the biggest problem I can see is this: what about stream ciphers? For example, the way I understand it, RC4 simply XORs the plaintext at the byte-level with the keystream. So you could have arbitrary-length ciphertext.

- PeeCee

Re:Widespread Crypto Revolution?

[An.+(Coward)]

Is there any way to acutally prove that a message is encrypted, as opposed to being just random garbage data that two people happened to mail to each other?

I realize that the chances of a judge buying this is going to be small, but is there a defense there? Wouldn't someone have to be able to produce the plaintext first, before they could claim that you were trying to send encrypted messages?

Depends. If you and your spy friends are using a one-time pad, there's no way to prove that a message is encrypted, or what the message is.

But if you're using PGP, no, you wouldn't need to produce the plaintext to prove that it's encrypted instead of purely random. PGP has a well-defined message format that includes not just encrypted data but also things like format version identifiers, subpacket identifiers and lengths, key IDs, algorithm identifiers, etc. (This goes beyond the "-----BEGIN PGP MESSAGE-----" delimiters, which are only included in text output, when the message is Base64 encoded.)

All a prosecutor would need to do is demonstrate the presence of such values embedded within the "random" data to show that it's encrypted.

Re:Widespread Crypto Revolution?

[cain]

Cryptographers have a much tougher definition of random than your average person. Thus my point about not perfectly random.

Re:Widespread Crypto Revolution?

[cain]

Then the data would be encrypted. The parent asked if you tell the difference between random garbage and an encrypted message. If the message compresses, then it is not encrypted. This was my only point. And it's not a very good one at that.

Re:Widespread Crypto Revolution?

[cain]

Encrypted data is already compressed.

Re:Widespread Crypto Revolution?

It seems unlikely even the most paranoid governemnt would outlaw all encryption, as that would cause E-commerce and specificly online banking and credit card transactions to grind to a halt, the economic fallout would be a disaster. It is possible however that specific types of crypto might be outlawed

Re:Widespread Crypto Revolution?

[bloo9298]

That's incorrect. If you encrypted some uncompressed data (using any well-regarded cipher), then the ciphertext is unlikely to compress. It does not matter whether or the original plaintext is compressed.

Re:Widespread Crypto Revolution?

[harlows_monkeys]

Encrypted data doesn't compress because it is ALREADY compressed during the encryption process

Even if you don't compress during the encryption process, encrypted data doesn't compress, so I'd say that the poor compressibility of encrypted data is not because of the decompression during the encryption process.

Re:Widespread Crypto Revolution?

I realize that the chances of a judge buying this is going to be small, but is there a defense there? You must be a U.S. citizen!

Re:Widespread Crypto Revolution?

[swillden]

Zmt, bqabxq mdq vgef faa xmlk fa ygow iuft uf.

Re:Widespread Crypto Revolution?

While this is a good first step the real solution is to modify the languange so that certain types of ideas can not even be expressed. Once this is in place you can then pass legislation to make the thoughts themselves a crime.

Re:Widespread Crypto Revolution?

[mibus]

Qhqr, jung rapelcgvba ner *lbh* hfvat??

V pna'g haqrefgnaq nalguvat... lbh'er abg sbervta ner lbh? :-)

Re:Widespread Crypto Revolution?

[mibus]

V guvax fgebat rapelcgvba (yvxr guvf) zvtug!

Re:Widespread Crypto Revolution?

[fossa]

If you're going to be picky...

A true random number generator could produce the string 1111111111; it's merely highly unlikely. I can easily compress that as 1*10. I think the word you want is "entropy". Random number generators can produce strings of low entropy, it just isn't very likely. See the second law of thermodynamics. All the gas molecules in my room could rush to the opposite wall suffocating me; it's just astronomically unlikely.

Re:Widespread Crypto Revolution?

[swillden]

Qhqr, jung rapelcgvba ner *lbh* hfvat??

DAF-12

V pna'g haqrefgnaq nalguvat... lbh'er abg sbervta ner lbh? :-)

U my fa yaef ar ftq bqabxq uz ftq iadxp!

Re:Widespread Crypto Revolution?

u etagxp tmhq wzaiz; uf ime ea euybxq.

Re:Widespread Crypto Revolution?

[thejson]

aabe, sgqee u pupz'f xas uz

Re:Widespread Crypto Revolution?

[thejson]

ftq zgynqd suhqe uf mimk.

Re:Widespread Crypto Revolution?

Sbe gur ynml, whfg hfr ebg13.pbz.

Re:Widespread Crypto Revolution?

[swillden]

Matm ptl max bwxt.

Re:Widespread Crypto Revolution?

[hey!]

To be very precise, I'm talking about what consitutes randomness, not in a number, but in a random number generator. There is a significant difference from the standpoint of a generator and a compressor.

Entropy, in discrete mathematics, is a property of a distribution of a variable. From the point of view of the generator, the sequence is the sequence of numbers, from the point of view of the compressor, the sequence is the sequence of digits in a number. A random number generator is good to the degree that it produces sequences with high entropy; naturally individual numbers in that sequence may have digit sequences of low entropy.

In any case if we are to define what constitutes a good cipher, it is one that produces ciphertexts that appear random from the point of view of the compressor, even given detailed knowledge of the cipher algorithm. That is to say, if I know that a particular ciphertext was produced with RC5, this should not help me very much with a general algorithm to compress RC5 ciphertexts. If it does, then then RC5 wouldn't be very good.

Of course it is trivially possible to create a compression scheme that compresses a given number or text very well, if we don't worry about the possible space of texts from which that text is drawn.

Re:Widespread Crypto Revolution?

[valec]

No.
Why? Because we're talking about a small elite group of people who use encryption.
Sure, everyone uses it in the background, through forms such as ssl, but when it comes to email, not enough people use it.
And my theory is that privacy is simply of no concern for most email users. If there was a client that offered end to end RSA, that worked as well as what people presently have, people might use it, but you'd still have to convince them to change to the new client.
At the moment it's just not easy enough for non tech people.
Not to mention the problems with key management...

FPCP

[nahdude812]

FPCP (First Privacy Complaint Post):

Won't a database of verified emails be, y'know, abusable? What about spammers who want to harvest from this? If they can't directly harvest, they could certainly validate email addresses they know about, and know they were getting people on email addresses that they care about.

Re:FPCP

[nlinecomputers]

Like they can't already do that with the old keyservers? Most keys should resolve to a valid email address, No?

Re:FPCP

Yup... spammers are already harvesting email addresses from PGP keyservers. I had an address on my key that I never ended up actually using for anything, yet I suddenly started getting spam to it. Ditto for another address that I only used with close friends and family but was also a userid on my key.

The combination of this and (nigerian) spammers that actually respond to my challenge-response authentication is getting me very pissed off about spammers. :)

Re:FPCP

[I+confirm+I'm+not+a]

Won't a database of verified emails be, y'know, abusable?

I've wondered about this in the past, but - and naturally I don't have a link to hand ;) - apparently key-lists haven't - to date - been abused by spammers. My guess would be that spammers see users of PGP/GPG as (a) technically advanced, and hence more likely to have spam-filters/spam-retaliation protocols in place, and (b) likely to only use published emails for encryption. Either that or PGP/GPG whooshed passed spammers' heads with no comprehension occuring: "Can I make money off this JeepyGee thingee? No? Forget it, then."

Re:FPCP

[Gemini]

What about spammers who want to harvest from this?

It's not a good harvesting target. You can only get *one* email address per search. If I were a spammer, I'd go somewhere that gives me more for less effort.

Still, even the old keyservers where you can get many addresses per search seem to be ignored by spammers. Even they are not rich enough of a target.

Re:FPCP

[farnz]

After getting hit by a spammer using my work address as his From address, then getting deluged (a few thousand) by C-R challenges, I started just replying to challenges whether or not I sent you an e-mail.

By and large, whenever I send e-mail out of the company, I'm authorised to spend money. If you blacklist me for replying to your challenges, and later I can't get hold of you to offer you money, that's not my problem, it's yours.

Re:FPCP

[TheUnFounded]

From the FAQ:

Will I get spam if I use the PGP Global Directory?
No. Searches of the PGP Global Directory are limited to one (1) response, thus making gathering email addresses from the PGP Global Directory one of the least-effective ways of harvesting email addresses for spammers.

Re:FPCP

[YetAnotherDave]

whatever.

Since I upgraded my mailserver to SpamAssassin 3.x I don't even bother with dummy mail accounts anymore. Spam just don't bother me anymore :)

Re:FPCP

Seeing exactly the same thing here.

Re:FPCP

After getting hit by a spammer using my work address as his From address, then getting deluged (a few thousand) by C-R challenges, I started just replying to challenges whether or not I sent you an e-mail.

By and large, whenever I send e-mail out of the company, I'm authorised to spend money. If you blacklist me for replying to your challenges, and later I can't get hold of you to offer you money, that's not my problem, it's yours.

I'd never blacklist you responding to a C/R.

I'd sign you up for mailing lists.

Re:FPCP

[nahdude812]

They can still use it as a current email address verification scheme, throw their millions of old addresses at it and figure out which are still good, thus increasing the quality of their lists, and the density which they can successfully delivery spam.

Even if each IP was limited per some interval, with the spam bot nets that are the source of most spam anyhow, it's trivial to abuse. Presuming a reasonable figure of 10 per hour (legitimately I have looked up more than this), *small* botnets could generate millions of address verifications per day.

Re:FPCP

So, some poor bastard gets spammed by your C-R system, because don't want to deal with your own spam. He does what C-R systems expect humans to do, and replies to confirm that he's real, thus letting spam into your mailbox. Hell, he may even have automated that process for common C-R systems, to deal with idiots who turn on C-R and don't understand what they're doing, thus never seeing your challenge; after all, when he got hit by this joe job, he had better things to do than read each C-R in turn and only answer the genuine ones, not the spam induced ones.

And as a result of him doing WHAT YOU ASKED HIM TO, and thus causing you to see ONE piece of spam, you feel entitled to let him in for huge amounts of the crap? Maybe he should be entitled to take $100 from you for each challenge you send him. It would at least give him an incentive not to answer your challenges unless they're replies to messages he's sent, and it's a damned sight easier to cope with losing the odd $100 than to get yourself off huge numbers of mailing lists.

Re:FPCP

[wolf31o2]

Have you ever queried the current keyservers? Try doing something like querying @ibm.com or @microsoft.com and see how many hits you get.

While these are not *verified* in any way, they more than likely belong to a real email address simply because someone is using it for PGP.

whitelists?

[essreenim]

Sounds like a good way to make a global whitelist!
Allow incomming mail only from such valid e-mail accounts that are using the service. Could be useful for spam. Or will spam endure as it always has done... ;/

Re:whitelists?

[wwest4]

> Or will spam endure as it always has done... ;/

Or only allow incoming mail that's signed. This won't prevent spam, but it will complicate the spammers' lives a bit, at least for a while.

Re:whitelists?

[Tenebrious1]

Sounds like a good way to make a global whitelist!

It won't be any different from individuals creating their own whitelist, since you can't implement whitelists at the ISP level since most people do not use PGP and cannot be forced to use it.

It wouldn't stop spammers at all though, since spammers could still create legitimate keys, send out a billion spam then delete those email accounts and move on. It may slow it down a bit until some smart spammer creats a program to automate the process of creating, registering, and authenticating the key, but I doubt it will take too much time and effort.

Re:whitelists?

[NoMoreNicksLeft]

Yeh, especially since they can't write a script that will generate 12 million pgp keys, using each to sign only 4 or 5 spams, before discarding it.

Thank god there aren't PCI cards that offload crypto.

Re:whitelists?

[Corwyn+ap]

It might stop spammers. At the very least it will slow them down. Remember that they need YOUR public key to send you encrypted mail. They don't actually need one of their own. So, instead of just getting your email from a list, they need to get your public key too, and then encrypt the message (a slow process if you are sending millions of e-mails), separately for each recipient.

There is close to zero chance that a spammer would go through the trouble until ALL email is encrypted.

Thank You Kindly.

Re:whitelists?

Actually, IIRC Spamassassin will give a -10 score (ie, not spam) to any message with a pgp sig. I don't even think that it validates the sig. So, they wouldn't have to even be valid sigs with valid keys...

Is there a future for PGP?

[Albanach]

Like lots of people, I've used PGP for years, but it has never taken off like it should have. I wonder if it really has a future.

Companies can secure their internal email by deploying SSL on their mailservers and enforcing its use. For email outside the company surely S/MIME has captured the market. It's built into most email software, and companies are offering free certificates.

With PGP seeming more complex and requiring a seperate install, what role does it have for today's SMEs?

Re:Is there a future for PGP?

[Ashe+Tyrael]

There is a problem with this though. Several ISPs, for good and legitimate reasons (spam and virii) don't allow certain types of e-mail attachment. Which means if I sign an e-mail, the fact I've signed it gets filtered by the receiving ISP.

Nothing wrong with the standard itself, just a lack of support and clue by ISPs.

Re:Is there a future for PGP?

[spellicer]

S/MIME and PGP certainly address many similar issues such as email encryption and sender authenticity (which SSL does not necessarily do by the way), they approach some of the problems in different ways. The key difference I see between the two (and why PGP still has a role in this area) is how trust of signing keys is built.

S/MIME and x.509 certificates use a central authority to enforce certificate holder identity. PGP and its variants use a "web of trust" system which allows ad hoc trust networks to build up by acquaintences sign each others keys. As an analogy, x.509 is client/server while PGP is peer-to-peer. PGP's approach serves a role for those who do not have a central authority (i.e. certificate authority) in common, do not trust CA's, cost of a certificate from a reliable CA is too high, or other factors usually centering around CA's.

The above is a general idea and there are many variations on it that make the area more fuzzy. For example, S/MIME could potentially be implemented using PGP keys instead of x.509 or PGP could be implemented to require a particular signature (i.e. a CA) in order to use a key.

Re:Is there a future for PGP?

[jludwig]

Its missing what I call the "grandmother" factor. I can explain it to most technical people I encounter (but can't convince any to use it), but its way too complex an implementation for most average users to handle - my mother or grandmother. Its not that they can't understand it, but the computer is already overwhelming and they need something that "just works(tm)". The Web of trust concept "just makes my head want to explode(tm)"

Unfortunately I can't see a good way to make things more transparent and invisible to the end user. Most folks don't pick good passwords, yet that is absolutely essential for PGP private key security. Also, a yearly drive reformat is not uncommon, so lost keys are a huge issue. This technology partially address that issue but I shouldn't need to check to see if someone updated there key every message, plus theres the trust issue with a constantly rotating keyset.

Jeff

Re:Is there a future for PGP?

[elgaard]

I think PGP has a future.

In the couple years PGP/GnuPG have become much simpler to set up, especially on windows. Thunderbird/Enigmail works great on many platforms. On linux KMail and kgpg also just works.

Re:Is there a future for PGP?

[MartinG]

It comes down to a matter of trust. Personally I don't trust my ISPs mail servers, nor do I trust some of the admins (not that I think they are malicious, just they they make mistakes)

Also, PGP is not just about encryption but about message authentication. S/MIME can't give you that.

Re:Is there a future for PGP?

[AxelTorvalds]

Know what I did for my grandfolks? We got them an imac a while back. We upgraded it and got OS X on it. It's not a lightning fast machine but it's a killer email and casual browsing machine. Put Thunderbird and enigmail on it and then made them a pgp key sans passphrase (yeah, yeah yeah, I know)

They sign all messages by default and then via enigmail we set up some rules and they always encrypt to me and the parts of the family that have been converted. They didn't even know they were doing it at first.

It's not perfect security, there are some issues but it's a start. If you wanted spam to go away, I've said this hundreds of times, start signing your email.

Re:Is there a future for PGP?

[david.given]

For email outside the company surely S/MIME has captured the market.

Has it?

I've never seen an S/MIME message, or ever felt the need to make one, or get a key, or anything. In most of the (admittedly geeky) places where it's common to sign message, it's always been GPG. The company I work for uses GPG to communicate with customers, and the customers have never suggested using S/MIME instead. As far as I've seen, GPG (and PGP) rule.

Where is S/MIME actually used?

Re:Is there a future for PGP?

How many people do you know who have gotten a free cert? All the companies that are offiring it, afaik, ask way too many personal questions. I just want them to prove that I am the owner of a certain email address - I will most certainly not give them my full name, social security number, passport number, drivers license number, phone number, address, birth date, place of birth, mother's maiden name, bank account number, credit card number, ... (ok, maybe not bank account number, but you get my point).

Re:Is there a future for PGP?

[IpalindromeI]

Just curious, why not ascii-armor the signature and inline it?

Re:Is there a future for PGP?

[Ramses0]

PGP will come, but will meet strong resistance from "important people" along the way. It's really not that hard, get AOL, Yahoo! Mail, and GMail to automatically create public/private keys, publish, store, archive, sign, etc. all your email when using their web interface.

*YOU* don't ever need to know that the email has been encrypted, or that you even have a public/private key. You could even do something ridiculously small, like a 24 bit key or something to keep "gub'ment" happy.

The next step is adding a button in "mail options" to upload YOUR OWN PUBLIC KEY. Yahoo! (eg) receives it, sends you a challenge, and says: "decrypt this message, type in the 8-letter token that's in there, and we'll accept and advertise your new public key as yours, and expire the old auto-generated one". If you wanted to trust yahoo with your private key, that's your own business. But even neglecting the use of personal public keys and sticking with auto-generated ones, by hitting the major's you'd have 20-30% market saturation of encrypted emails, and the infrastructure to support future uses of public/private key stuff.

Eventually one of the majors will realize that "all identity problems go away" when there is a broadly available public/private key infrastructure.

Imagine typing your email address into slashdot, slashdot fetches your public key [in background], issues your browser a challenge, browser decrypts challenge with private key and responds. Viola. Passwordless logins everywhere. Who out there is listening? 80% of the infrastructure is in place already. (moz-plugin: gpg-challenge-response)?

--Robert

Re:Is there a future for PGP?

[Requiem+Aristos]

Companies that send data between themselves or government agencies. (Example: Pharmaceutical or Biotech Companies communicating with the FDA.) They'll say "we're sending this data over email, how can we protect it?" and then they'll look at vendor solutions.

If there's a high geek factor, OpenPGP may get used, but if Outlook is the standard client (as it is in many companies), people start looking for S/MIME certificates.

Re:Is there a future for PGP?

[Greyfox]

If companies would sign their corrispondance with a PGP key, it could eliminate (Or at least siginificantly reduce) phishing. More so if common mail clients were to support PGP and PGP signatures better.

Re:Is there a future for PGP?

What is the point of web-mail with PGP when yahoo/aol/google know your private key?!

Re:Is there a future for PGP?

[Ramses0]

Most people don't know / care enough to have an informed opinion on the subject. Plus, would you rather have AOL/Yahoo! manage your public / private keys, or have "c:\program files\PrivateKeys" be snarfed by every spyware / virus program on the planet?

And it's not about having encrypted webmail, it's about AOL / Yahoo! providing *identity services* through the use of symmetric encryption and challenge / response. All the identity services we have nowadays are one-way. By adding in the symmetric portion, instead of slashdot -taking- my password, slashdot can -give me- something that only I should be able to decode.

--Robert

Re:Is there a future for PGP?

[joeljkp]

Speaking of the "web of trust" concept - I've always viewed it as trusting keys that you've personally verified with the owner, trickling out slowly as networks grow.

When I submitted my key to this story's server, though, I got a message at the end telling me to trust the server's verification key, and thus all keys verified by the server.

I don't really have a good concept of how this stuff works, so I'm wondering - is that a good (safe) idea?

Re:Is there a future for PGP?

[hoeferbe]

On Thu December 09, 19:12, joeljkp (254783) wrote in message #11047575:

Speaking of the "web of trust" concept - I've always viewed it as trusting keys that you've personally verified with the owner, trickling out slowly as networks grow.

PGP uses the word "trust" to mean two different things, which has caused me (and I suspect others) some confusion. The first definition is "trusting" that they public key you received is actually the public key of the person whom you wish to communicate with. I've seen this type of trust referred to as the key's verification/validation, as in "Yes, this has been verified as being Alice's public key" or "This is Alice's valid public key." Although I don't think "verified/validate" is the best way to describe this, but I think it is better that "trust" since that gets confused with the second definition.

A key's verification/validity is marked by you digitally signing it (with your private key).

The second definition of "trust" is in how much you trust another person to declare third person keys as being valid. How much do you "trust" someone else to verify another's public key? "Alice has signed Bob's public key. I know Alice is very security conscious, and is adamant about personally verifying key fingerprints before she will digitally sign a key. I trust her, so if she says this is Bob's key, it must be!"

The amount of trust one can hold in a person's key can vary between "not at all" to trusting it as much as their own private key.

When I submitted my key to this story's server, though, I got a message at the end telling me to trust the server's verification key, and thus all keys verified by the server.

I don't really have a good concept of how this stuff works, so I'm wondering - is that a good (safe) idea?

If what you wrote is true, then no, it is not a good/safe idea. In fact, I'm very surprised that the PGP people would post such a message.

After reading the PGP Global Directory description and the Key Verification Policy, it is clear PGP Corporation is not verifying/validating who the people are behind the e-mails. ("...PGP Global Directory allows users to manage lost keys...") For example, I can setup the e-mail address "LinusT@hotmail.com", create a PGP keypair with that e-mail address and "Linus Torvalds" in it, and send it to the server. Although the server will verify that that e-mail address is the owner of the key, it does not verify I am really Linus Torvalds.

Since no true verification/validation is going on, it would be inappropriate to "trust" the server keys as having verifying/validating all those user keys. I am very surprised, especially in light of that Key Verification Policy, that the server would give you that message after you submitted your key.

Re:Is there a future for PGP?

There's no point in using PGP's "web of trust" model with Yahoo/Hotmail. SMIME would be a much better fit to their businesses (even ignoring the fact that SMIME "just works" in most mail clients and PGP doesn't).

Re:Is there a future for PGP?

[gad_zuki!]

You're absolutely correct. S/MIME is easier, works great, and is supported by most mail clients. This should be what the privacy community should be pushing for, not the PGP bloat package. Yet...

The advantages of PGP and its clones are in its local disk encryption, not necessarily email. PGPdisk can encrypt a whole partition. Encrypting local files with your own key. etc.

The problem is incentive. Why should Joe User make a cert? How can he be conviced its in his advantage to do so?

PGP hasn't taken off and neither has S/MIME. That's just wrong.

Backdoors?

[gmknobl]

Are there backdoors? And if there are not, what will Homeland Security or the like try to do about it?

Can they do anything about it, realistically?

Have I completely misunderstood this (a common event, unfortunately) or will this be one of the few ways of having as close to true privacy as we can realistically get?

Re:Backdoors?

[rdieter]

Doesn't matter. This is a directory for public (ie, the non-private portion of) OpenPGP keys, which are/should-be publically available anyway. Else, why use public/private pgp keys at all?

Re:Backdoors?

[essreenim]

I think more the latter:

..one of the few ways of having as close to true privacy as we can realistically get

And please dont call it "homeland security". It's more "civil rights management" or "civil restrictions management" depending on your opinion. One thing for sure is that something which is such a popular catch phrase for counter-terrorism has no real association with the comfort of a "home" - the place you come from. In fact I find that it is those people who are most cynical and paranoid (homeless like in other words) that are throwing that slogan around like a contraceptive. At least thats how I feel in my "home" land - Ireland.

Sorry if you think Im trying to flame you, I am not. Im trying to encourage you not to use that word - which has false interpretation, muck like the infamous DRM acronym...

Re:Backdoors?

The problem is that you need to make sure the public key belongs to the recipient/sender you are communicating with. Anyone who can intercept traffic to/from this server can put himself in the middle of your supposedly private conversation. The web of trust is a way of eliminating/reducing this threat, but that means people have to actually go out and have their keys signed in real life. Encryption with authentication is useless.

Re:Backdoors?

[JimDabell]

Are there backdoors?

It doesn't matter. Keyservers are merely a method of distributing keys, not establishing trust. You can establish trust by a number of methods, such as manually verifying the fingerprint with the person yourself using a trusted medium (e.g. face to face) or having somebody you trust sign the key (after verifying their key, of course).

The real danger to public key cryptography taking off is that it will become commonplace to simply trust keys without verifying them. Everyone will feel more secure, but the security will be an illusion.

Re:Backdoors?

Dammit. Encryption WITHOUT autentication is useless. I need to start reading the preview.

Re:Backdoors?

[wwest4]

> Encryption without authentication is useless.

That's not strictly true. What if you don't care who is listening? E.g. Blacknet.

Re:Backdoors?

[XMyth]

Yes, you've mis-understood it. This just makes a central repository for OpenPGP keys. No private information will be storedo n the server...it's a directory. It will not store private keys.

Re:Backdoors?

[phoenix321]

People listening to you need a reliable authentication that they are listening to the right "wwest4" in your case, not someone imposturing you.

Speaking tongue-in-cheek, you better make sure everyone is listening to the correct "you" when giving out calls for revolutionary action or otherwise your followers might be guided by the wrong person and end up torching err I mean protesting at some other building or they'll be directed into an amsbush or directly into jail, without collecting $200. ;)

Re:Backdoors?

[gmknobl]

Okay, won't use it. Too reminicent of Nazi Germany anyway, re: "Fatherland" (ooh, and there are many other scary parallels too, nowadays). But I digress. To stay on subject, read on.

The idea I was trying to get across was that U.S. government, pre-Bush II, was upset about PGP's system anyway and wanted a "backdoor" way, or the equivalent, to decrypt the messages sent from one party to the next. Of course, now, they'll want that, likely without a warrant - just on their say-so.

I don't like that, of course, not that I use PGP. But the idea burns in my liberal minded brain and makes me angry. I figure, it ain't their business what I'm sending unless they can prove, to a high standard, that something criminal is occurring.

Re:Backdoors?

[wwest4]

> People listening to you need a reliable authentication that they are
> listening to the right "wwest4" in your case, not someone imposturing you.

They do - the public key itself is the unique identifier, not the pseudonym. If the public key doesn't verify the sig, then the message is signed with a different private key - end of story.

Re:Backdoors?

Very often the listeners need to know who's talking. They have to use an external verification method to link a certain public key to you. Of course this comment and almost all of Slashdot is an example for a situation where authentication doesn't matter. When the content of the message is all that counts, authentication of the senders or recipients is irrelevant, yet anonymity can still require cryptography. Mixmaster networks however require that you trust the remailers. Strictly speaking this requires that you authenticate your entry point into the remailer network.

Re:Backdoors?

[wwest4]

> They have to use an external verification method to link a certain
> public key to you.

Yes, yes, the contemporary real-world paradigm is that we need to know which physical person belongs to a public key, but my original point is that there are cases where this is not true (hence the "strictly" qualifier), and the public key becomes the identity. In this case, you do not need to worry about the remailer, the DNS, the pseudonym, or anything else other than the signature and your list of public keys (barring the compromise of the source private key, but that's a separate issue).

Re:Backdoors?

It matters a lot if, let's say, you encrypt a sensitive email with a fake public key not belonging to the person you think it is. The attacker can read your sensitive info, re-encrypt your message with the real public key, and re-submit your message to the intended recipient. You just leaked sensitive info and have no clue about it.

Re:Backdoors?

[JimDabell]

It matters a lot if, let's say, you encrypt a sensitive email with a fake public key not belonging to the person you think it is.

No, it doesn't matter in the slightest how you got the key. PGP operates under the assumption that it's not practical to always use a trusted medium to exchange keys. It doesn't trust keys by default.

PGP uses the concept of a "web of trust" to decide whether you should trust a key or not. If you can securely verify the legitimacy of a public key, then you can sign it, so that people who trust your judgement can also trust the key. In reverse, you can trust keys that people you trust have signed.

How the keys are transferred is completely irrelevent to this mechanism. You could download a public key from Gnutella or Usenet, and as long as it's been signed by somebody you trust, or you can verify the fingerprint over a secure medium, it's trustable.

So, your scenario would play out as follows:

1. Download "trojan" public key.
2. Not signed by somebody you trust? Throw the key away.
3. Signed by somebody you trust, but the signature is invalid? Throw the key away.
4. Signed by somebody you trust, and the signature is valid? The key is trustworthy.

The balance between how practical and how secure your web of trust is depends on how much trust you place in others. It doesn't depend on the medium you transfer keys under in the slightest. That is why it doesn't matter if there are backdoors in the keyserver. No amount of tampering with it could make the web of trust any less secure.

If you think about your line of reasoning, if what you said were true, PGP would be pretty damn insecure to begin with, as you'd necessarily be trusting an external entity (the PGP keyserver admins) with all your communications.

Re:Backdoors?

It doesn't matter. Keyservers are merely a method of distributing keys, not establishing trust. You can establish trust by a number of methods, such as manually verifying the fingerprint with the person yourself using a trusted medium (e.g. face to face) or having somebody you trust sign the key (after verifying their key, of course).

I beg your pardon? It doesn't matter if the government has easy hooks to play man in the middle by giving *their* set of keys for users? Sure, it's detectable (with extra work), but most people would trust the keyserver initially and not bother to check with the other user. The feds could easily implement other man in the middle attacks such as phone redirection as well. You email the feds unknowingly, putting the key ID of the key you think is the correct one in the email, assured that will save you. The feds decrypt, change the key ID, forward it along encrypted to the correct user, tada. You call the dude one day, but lo and behold your phone call rings in the FBI office and you talk to an FBI agent about the key ID. Certainly you aren't going to discuss anything secret to authenticate yourself over the phone, that's what encrypted email is for. When you hang up, the feds call the real end user and play you to them. I imagine it's been done before with relative ease.

This problem will *never* go away until people are named by their public keys and use them all the time in day to day life. Then the web of trust will be so strong that there will be no way to effectively play MITM. Of course, then double agents will make big money playing the same games they always have.

Re:Backdoors?

[enigmathegreat]

That's why people can check the fingerprint with each other. Of course, that's yet another hassle to deal with...

Re:Backdoors?

[JimDabell]

I beg your pardon? It doesn't matter if the government has easy hooks to play man in the middle by giving *their* set of keys for users?

No, it doesn't. PGP's whole web of trust is based around avoiding man-in-the-middle attacks. If you are susceptible to man-in-the-middles from server intrusions, it means that you aren't using PGP correctly, in which case, you are already susceptible to man-in-the-middles, and whether or not the government happens to have access to the server is irrelevent.

Sure, it's detectable (with extra work), but most people would trust the keyserver initially and not bother to check with the other user.

Well then they've thrown away the security that PGP provides, haven't they? PGP keyservers have never been trustworthy. The whole concept of an external organisation being trusted to provide you with authentic keys is flawed, which is why PGP was never designed with that as a requirement.

PGP's defaults are the real problem.

[nlinecomputers]

Every PGP new user has done it. Created a brand new key while learning the program and forgot the passphrase. There are hundreds of unused keys that was created and never used but can never be deleted because they don't expire.

Had PGP's defaults been for a 1 year key instead of infinite this wouldn't be an issue.

I always create 1 year keys but I've got a couple of key out there over 10 years old that I FUBAR'd that'll never go away.

Re:PGP's defaults are the real problem.

well... that's why you should really make a revocation certificate when you make your key.

that way, if you lose the secret key or the password for it, you can issue the revocation to let people know the key is no longer in use.

A good writeup of pgp and enigmail setup is available here:
http://enigmail.mozdev.org/gpgconf.html

Re:PGP's defaults are the real problem.

[nlinecomputers]

Yes you should but that is part of the problem of the defaults and the bumps and problems of new users to PGP. You tend to figure out the need for a revocation cert AFTER you've let a dead key loose. D'oh!

Re:PGP's defaults are the real problem.

[I+confirm+I'm+not+a]

IIRC (I read TFA, what, like, over 15 minutes ago!) this new key-server deprecates keys that haven't been updated in the past year.

Re:PGP's defaults are the real problem.

[mightypenguin]

iF you'd even read the paragraph summary at the top of this story you'd see that it's easy remove keys from this central registry if you have control of the email address associated with them. But I agree that in the past this has been a real problem.

Re:PGP's defaults are the real problem.

[nlinecomputers]

Yes I read it. You missed my point. Had they designed the program better they wouldn't need to design the key servers better. That was my point.

Even with a new keyserver design the client side program still after over 10 years defaults to no time limit keys and doesn't create a revoke certificate automaticly. Which means that fubar'd keys are still going to be generated far to easy. Things like this are why this program never gained popular use.

Re:PGP's defaults are the real problem.

[kalidasa]

Thank you all for making me feel like less of an idiot. I did this very thing when I first started using PGP many years ago.

Re:PGP's defaults are the real problem.

[mightypenguin]

And just how do you make it so the program does things better? If you default all keys to die in two years then you have to get all the signatures by other people again for your new key, and all the people using your old key have to reaquire you key again. Those two things are a huge hassle.

Doing key verification and revokationg via a server is the only sane way to do this. So having keys that never expire or expire after say, 10-20 years and are checked regularly against the server is the best way.

Re:PGP's defaults are the real problem.

[nlinecomputers]

Well first I am talking about defaults. Not settings locked in stone. If you want lifetime keys you can still do so.

And having a central server decide whether or not your key is still valid is not much different then have Verisign do so. If you going to have a central authority validate keys then what's the point of PGP anyway? I can do this with s/mime now. The whole point of PGP is to NOT have a central authority but a web of trust.

Re:PGP's defaults are the real problem.

[mightypenguin]

You're right, that is what PGP has been all about. And that is also why it never took off. It's too much of a hassle for people to distribute/verify keys and also to revoke them. In order for something like PGP to be used it has to be ubiquitous. With P2P key sharing this will never happen.

Oh great, spammer heaven

[phr1]

Fantastic, a global database of cryptographically authenticated email addresses that have been tested to reach a real person.

We need a new key format, that doesn't have a live email address but instead has a hash of one. You'd send the address separately so it could be compared against the hash. There'd be salting to stop brute force searches. The database server could then still verify all the addresses (by sending emails out) but the actual email addresses would stay unpublished.

Re:Oh great, spammer heaven

[andkaha]

I don't think that the email addresses has to be valid, or even present. The person signing a key only has to be sure of who the key belongs to.

Re:Oh great, spammer heaven

[bazmonkey]

The database server could then still verify all the addresses (by sending emails out) but the actual email addresses would stay unpublished.

As others have pointed out, a keyserver isn't a directory of e-mail addresses and keys. You can't hop onto the site and somehow "browse" through the keys. The search function returns 1 positive match per search. IOW, you would need to know about the address before you could find it. "Brute searching" would be a fruitless waste of time and money for a spammer.

Re:Oh great, spammer heaven

You only get 1 response per search, you have to know the e-mail to get the PGP, or brute-force.

Re:Oh great, spammer heaven

You can't hop onto the site and somehow "browse" through the keys.

Well, maybe YOU can't. As PGP, Inc. is a company trying to earn money, i guess there will soon be a browsable directory, if Mr. Spammer just pays enough.

Costs

[razmaspaz]

I don't know much about PGP, admittedly I don't use it, although I know how to create keys. Wil lthis service be free? I looked at the site and did not see a cost structure. Will we pay for every use of the server? How does this work(Not PGP, but the service)?

Re:Costs

[someone0012]

http://download.pgp.com/products/pdfs/PGP-Global_D irectory_Whats-New_041206_F.pdf

"The PGP GLobal Directory is a free service designed to make it easier to find and trust the universe of PGP keys."

Load testing

[lorcha]

Who needs to load-test a server when you have slashdot to do it for you?

Re:Load testing

[Xandu]

Who needs to load-test a server when you have slashdot to do it for you?

Looks like they didn't pass the test.

Encrypted Spam?

[4of12]

So if I'm willing to post my public key and verify every 6 months that I'm the same live email responder at the other end, then what assurance do I have that encrypted email sent to me isn't spam?

Since the MTA's can't read my mail for spamminess if it is encrypted, the spam filter responsibility will be for my local email client with a set of my cached private key so it can decrypt and trash those herbal viagara offers.

Re:Encrypted Spam?

[I+confirm+I'm+not+a]

So if I'm willing to post my public key and verify every 6 months that I'm the same live email responder at the other end, then what assurance do I have that encrypted email sent to me isn't spam?

Another way of looking at it is from the "cost" of spamming - encrypting a spam "costs" the spammer, hence recent suggestions for charging mail-senders in CPU-cycles. Additionally, you'd be able to verify whether you held the spammer's public key on your keyring, and very easily "process" (ie. delete with extreme prejudice) encrypted emails from unknown senders.

Re:Encrypted Spam?

[Frank+T.+Lofaro+Jr.]

Spammers won't sent you encrypted mail.

It is way too computationally expensive.

Spam programs are designed to work extremely fast, using very little CPU to send a message.

That is why things like hashcash would work, they'd make it economically unfeasible for spammers.

Encryption takes quite a bit of work (just less than unauthorized decryption :)

Re:Encrypted Spam?

[TheLoneCabbage]

Asymetricly encrypted emails are rarely actually encrypted. They are signed. which is that I mearly provide an encrypted hash of the email, to prove that whoever sent it, has access to the private key.

The keys themselves can be signed by a master key, by o' say PGP's new website. (this does not require the PGP website to have a copy of the private key)

What this meens is they could give the signing service away for free to individuals, in order to create a defacto standard. But then charge legitimate bulk emailers for the privlege of their service. PGP becomes the arbiter of who is spam and who is not. In exchange they get to charge for permission to send bulk/commercial mail.

Sounds like a good buisness plan.

Of course, I'll have to RTFA once the /.'ing stops.

Re:Encrypted Spam?

[guet]

very easily "process" (ie. delete with extreme prejudice) encrypted emails from unknown senders.

But doesn't that kind of go against the whole point of a public keyserver (people not on your keyring can look up your key)????

Re:Encrypted Spam?

[I+confirm+I'm+not+a]

But doesn't that kind of go against the whole point of a public keyserver (people not on your keyring can look up your key)????

I think the rationale is that keys "go dead" (elsewhere in this thread someone mentioned that "everyone" creates a key when they're first getting into PGP, and then forgets the passphrase. Naturally, this leads to keys of limited or zero value published on the keyservers.

...and, of course, people will still be able to look up your key - if you keep it up-to-date.

Re:Encrypted Spam?

[Rich0]

Well, you could just delete all unsigned mail, and then have a 3rd-party database of bad email signers (similar to current IP-based spam databases).

If spammers had to sign their mail with a key published in a directory, it would greatly diminish their ability to camoflage the sender.

Plus, the keyserver could only allow a limited number of key submissions per day from a given IP - so the spammer needs a bunch of IP addresses to send mail from more than a few addresses per day.

Plus the spammer has to do extra computation and verification work for each group of emails they send out - the key server could require a Turing test for each key submission.

Re:Encrypted Spam?

[tepples]

If spammers had to sign their mail with a key published in a directory

Then the directory could charge arbitrary rates to admit members, or the makers of mail user agents could charge arbitrary rates to admit directories.

Re:Encrypted Spam?

[Ronin+Developer]

Require encrypted e-mail to have a digital signature. If the sender is who they say they are, then you will be able to verify the signature.

If they aren't, the signature is bad and you can just delete it.

Or, if the signature matches but is on your black list, again, you can just delete it.

Best part is never having to see what it was they were sending you in the first place as it is encrypted (unless you want to).

SPAM problem solved.

Maybe.

The trick is get a distributed key respository so that one doesn't get abused or subject to a DDOS.
Who's willing to fund that?

Re:Encrypted Spam?

[Rich0]

I doubt that would happen. Can existing anti-spam directory services (that either track messages or IPs or whatever) charge arbitrary rates? Most are free now.

SSL certificates are essential for e-commerce, and SSL certificate providers don't charge arbitrary rates either. And almost every browser out there lets you add your own certificate authorities (which is often used by companys for intranet use - no sense paying Verisign for internal websites when you can just install your own CA cert on all your workstations).

There is really nothing mandatory about any of this - I'm just saying that if all my legitimate mail happened to be signed already, then I'd be a fool not to use that to my advantage when spam filtering. Obviously it would only work if people started signing by default, and having free mail-address-only verification services would greatly help...

Hell yeah...

[danielrm26]

Dead keys age off the server, and you can even remove keys if you forget the passphrase.

Thank Jesus.

Re:Hell yeah...

[Michael+Dorfman]

If I forgot the passphrase, how do they know it's really me trying to remove the key from the server, and not some Joe-job?

Re:Hell yeah...

Revocation certificate. You created one when you created your key, didn't you?

Re:Hell yeah...

[Michael+Dorfman]

Revocation certificate. You created one when you created your key, didn't you?

Let's see. According to the hypothetical, I'm the kind of person who forgets his pass-phrase. What do you think are the odds?

Re:Hell yeah...

[JeffWhitledge]

Through a verification email.

You in the back of the class, wake up!

First overcome lazyness.

[StrawberryFrog]

PGP's been around for years, and hasn't taken over. Layness is a powerfull force - self-preservation has to work hard to overcome it.

Re:First overcome lazyness.

[Doc+Ruby]

As your typo proves, the strongest force in human communication is "it works anyway". Until there's a critical mass of people with whom other people need to use encryption to communicate, we'll be stuck with the problems of postcards and undefined trust.

Re:First overcome lazyness.

zzzzzzz

If this site can be Slashdotted...

[jdludlow]

...what are the chances that it's going to hold up to millions of email clients all trying to access keys at once?

Re:If this site can be Slashdotted...

Millions? Apparently you haven't used PGP.

Re:If this site can be Slashdotted...

[Just+Some+Guy]

Extremely good, especially since:

1. GnuPG caches keys in its local keyring, so you'll only have to retrieve foo@example.com's key one time.
2. pgp.com seems to have good connectivity.
3. They are hardly the only public keyserver currently in operation. Other servers cope with the load just fine, so it's probably that pgp.com's servers will also.

out the window

and yes the new server it out the window! /. effect in effect.

Re:out the window

[Frank+T.+Lofaro+Jr.]

Perhaps Homeland Security thought the PGP keyserver was a threat and had an article about it posted to Slashdot. If so, it apparently worked. :)

Now where is my tinfoil hat?

Re:out the window

Oh sorry, I was using your tinfoil hat as a fullproof diaper.

Centralization

[hey]

The nice thing about PGP/GPG is that it is decentralized! You don't need to obtain a "certificate" from any big-bad central authority.
But now this move centralizes things - yuck.
If you want to send PGP mail to/from a friend,
just mail public keys to each other.

Re:Centralization

[Morosoph]

In fact, the point is to be "policy free" with regard to hierachy. There are already several keyservers.

The idea of a public key is that anyone can contact you securely, and out of the blue! There is no need for unencrypted traffic. For there to be an exchange of keys requires that you make yourself visible and to some extent, identifiable.

The "public" in "public key cryptography" is so-called because the idea is that keys are published, not merely privately exchanged.

OpenLDAP keyserver?

[nakhla]

Does anyone know of any OpenLDAP schema files that could be used to create a PGP keyserver using OpenLDAP? It'd be great to have an internal keyserver for our organizational PGP keys without having to use proprietary products.

Re:OpenLDAP keyserver?

[weaselp]

http://keyserver.noreply.org/~weasel/PGP%20Keyserv er%20Schema/

Re:Centralization (mod parent up!!)

Yeah, I think Phil Zimmerman should be doing something about this. I thought the whole point of PGP was to stop people from invading your privacy.

Re:Centralization ??

[jimbro2k]

Good point, but this just provides a central option . You can still do a private(?) exchange of public keys with your friends & not friends, or do both..

Can a central repository bring security?

[cesarbremer]

A central repository of public keys can bring problems, for example, if the central repository is located in USA and the FBI want to do a man-in-the-middle attack? How can you be assured that the public key from the guy you want to send a encrypted message is realy the correct public key? I don't know better solution than having a lot of servers in different countries, under different governments controls and laws, and when the user do a search, he can do the search in a lot of servers. How about having servers in USA, China, France, Germany, China, Finland, North Corea......, and the user can search the user public key in all these databases? When storing the public keys, why not the user store his keys in these distributed servers? Can you really believe that storing your keys under one company control can bring security?

Re:Can a central repository bring security?

If the sender signs their message, wouldn't it not be possible for the FBI to re-sign it once they open it, read the message, and forward it to you?

I understand that they've already got the content of the message at that point, but at least the recipient would know about it once they got an unsigned, but encrypted, message.

Re:Can a central repository bring security?

[Gemini]

A central repository of public keys can bring problems, for example, if the central repository is located in USA and the FBI want to do a man-in-the-middle attack? How can you be assured that the public key from the guy you want to send a encrypted message is realy the correct public key?

That's not how PGP works. Just because a key comes from a particular keyserver doesn't mean that it is the right one. A keyserver just provides a convenient place to stick keys. The web of trust (which is local to your machine) tells you if a particular key is to be trusted or not.

This new keyserver doesn't change that. It just provides a convenient way to weed out clearly invalid keys so you don't have to bother with them. It's also opt-in: if you don't like that feature, use one of the many other keyservers out there located across the world.

Re:Can a central repository bring security?

[dbitch]

Well, sure, the FBI could implement a man in the middle attack, but if you're that paranoid (or interesting) that the FBI would want to do that, then you'll be signing your keys with direct exchange anyway. It's all a matter of how much security you want. If you don't want sysadmin Joe to read your mail, then you'll be encrypting it, but you're too lazy to sign the person's key you're sending it to. If, however, you're dealing in drugs, or, *gasp* something more dangerous (like dubya might want your head) then you'll be damn sure that your keys are signed, and that they're NOT publicly available.

Really, there are easier ways to break public key encryption if you haven't taken the necessary precautions - all the FBI has to do is install a keylogger and they have your passphrase, sieze your computer and they've got your private key - what more do they need to BE you? You also need to consider those problems on the recieving end too. Those are all order of magnitude easier than cracking a good 256 bit blowfish.

Central servers make it easier to prevent CASUAL perusal of your mail, nothing else. If they're sophisticated enough to mount a man-in-the-middle, then they can install a keylogger too. So I don't think that this is a terrible idea.

Re:Can a central repository bring security?

[Just+Some+Guy]

if the central repository is located in USA and the FBI want to do a man-in-the-middle attack?

Not unless you're amazingly trusting of the repository. Read up on the "web of trust" and how to personally verify the keys you're using to send messages.

For example, my pubkey has been signed by several friends, and I have signed their pubkeys in kind. If I get a signed email from Charlie (whom I don't know), but his pubkey has been signed by Bob (whom I do know) using his key that I myself signed, then there is a direct path of trust between Charlie and me. If I believe that Bob is an honest guy who wouldn't have signed Charlie's key without personally verifying his identity, then I have cause to that key.

It's hard to explain the web of trust without making it sound more complicated than it really is. It's somewhat analogous to a friend introducing you to a person you've never met before. If your friend is very gullible, then you won't put much confidence in the ID of the person they're introducing. If your friend is, say, a loan officer who just spent the last month vetting the new person's identity, then you can be reasonably sure that they're giving you accurate information about that person.

Which brings us back to your question. If you're corresponding with a new contact with no trust pathway to that person, then you have exactly zero reason to believe in their identity simply because they were able to download GnuGP and create a new key. However, if that new person's key was signed by Alice, whose key was signed by Charlie, whose key was signed by Bob, whose key was signed by you, then you have at least some reason to think they're who they say they are.

There is no real concept of blindly trusting a new person in real life. GnuPG does not magically change this.

Re:Can a central repository bring security?

[lildogie]

> if the central repository is located in USA and the
> FBI want to do a man-in-the-middle attack?

This kind of abuse would eventually be proven when the two endpoints of the communication demonstrated that they were given different public keys for each other. Then the FBI _and_ the key service would have some 'splainin to do, not to mention that the key service would be out of business.

Same principle as Open Source code being secure: someone will eventually find out.

Re:Can a central repository bring security?

[Frank+T.+Lofaro+Jr.]

The laws are more allowing of the FBI performing unauthorized (by you) decryption of your files than they are of pretending to be you.

Getting your private key and reading your files is one thing.

Posting under your name and forging your signature is quite another.

Re:Can a central repository bring security?

[dbitch]

What's the difference? When they have your private key, and they have your passphrase, they can do BOTH. I guess that was my point - even if they don't want to forge your name, they still have everything they want to know. It really doesn't help if they can impersonate the person on the other end if they can't decrypt your reply, encrypted with the posted parties key.

Re:Can a central repository bring security?

[Artifakt]

Your explanation for the web of trust is cogent, well grounded in reality and still manages to capture the essentials of the process. Nicely done , Sir! One nitpick, however:

In Alice and Bob explanations, the C party is usually Carol.

Here's a wiki entry that discusses real life as it applies to cryptography. Its arguements parellel and support some of yours nicely, while also explaining Carol, Dave, and the others.

http://en.wikipedia.org/wiki/Alice_and_Bob/

Re:Can a central repository bring security?

[cesarbremer]

The question remain, this central repository don't help mutch protecting your privacy, i think it makes the things worse, mainly because the users could think that they are safer. Not talking about hackers attacking one computer is a lot easier than attacking a lot of computers under different protection levels and different owners. What i say is, having a lot of key servers under different controls and under different countries only makes the security better, but if you want a light security, this can be your choice, but i think we deserve more than that. If the users have pgp, i think they want privacy, having their secrets and their personal data safer against anyone who want to break their privacy. Our duty is do the better, ever.

Re:Can a central repository bring security?

[lamber45]

Actually a central repositor can add security. For instance, if I recieve e-mail fron juansanchez11@yahoo.com.mx, and it's not PGP signed (or I can't verify a chain of trust from known signatures), I don't really know anything about who sent it. If I examine the headers (at least after SPF is implemented), I can determine whether or not someone actually used the Yahoo service to send it, but I still have no idea *who* sent it. I don't even know whether they read their email, and I have no clue as to whether their name really is "Juan Sánchez". The new PGP.com free directory will make it a little bit faster to check whether the e-mail address part of a UID really is a valid e-mail address.

On the other hand, consider the address weisong@cs.wayne.edu. Visit www.cs.wayne.edu/~weisong, and you'll see his homepage. Look at the CS deprtment's list of faculty, and you see a link to that page. Wayne State University is an accredited institution listed, among other places, on the U.S. News & World Report site, and their campus directory has a link to their CS department. Since Dr. Shi is a professor, the department probably did a minimal background-check before hiring him, and you can trust his identity (at least minimally) based on his e-mail address.

Incidentally, I'm sure this directory would be useful to Dr. Shi; even though he teaches computer security, he's lost the passphrase or digital private key for all four of his public PGP keys, and he either never generated or subsequently lost the corresponding revocation certificates as well.

Re:Can a central repository bring security?

[Rich0]

Since Dr. Shi is a professor, the department probably did a minimal background-check before hiring him, and you can trust his identity (at least minimally) based on his e-mail address.

Assuming the email address isn't spoofed...

My usual approach for trusting keys is to see if the same key gets used by the same address over a long period of time, with general acceptance by others (this works well on mailing lists at least). If so, then it is probably trustworthy.

I never trust a key the first time I see it, since it could have been published by anyone.

In any case, it is best to view keys as a verification of an online persona, and not necessarily a true picture of who is typing at the keyboard (unless you've done your key verification offline).

The expense of verifying real-world identities is why there aren't free SSL certs out there...

Re:Can a central repository bring security?

[Just+Some+Guy]

Thanks. I was in a bit of a rush out the door and I couldn't remember C and D. I was going to mention something about FBI Agent Mallory, but didn't want to confuse the issue. :)

Re:Can a central repository bring security?

[m0nkyman]

People seem to be missing something here; The Web of Trust. It's nice to have the central server for low security things like signing of unimportant messages etc., but for real secure messaging, it's best to physically meet and exchange public keys on paper. That's the only time that I will sign someone's public key on my computer. Otherwise, I don't trust it 100%.

That's why PGP/GPG both have levels of trust built in. 100% trust is for one's that you have absolutely verified, scaling down to casual checking to verify a signature on an email on a public list.

Re:Can a central repository bring security?

[Rhinobird]

I think a cntral signatory agency would be kinda neat. If I could walk into my local post office or DMV with my drivers liscence and public key and have them sign it. Then, if I get an email from some 'Carol' or 'Charlie' that none of my friends know, I can at least verify that he is who he says he is.

Then again, that could be business opportunity...imagine the same thing but with, like, kinko's. Walk in with a valid picture ID, and for a small fee ($2?) they'll sign you're public key.

Re:Can a central repository bring security?

[Just+Some+Guy]

I think a cntral signatory agency would be kinda neat.

That's pretty much exactly what x509 is. You pay Verisign to issue a signed certificate to you, and anyone who trusts Verisign's verification procedures can then trust that you are really you.

I've always thought that would be an obvious Digital Age upgrade to the services provided by notary publics. Their seal is already valid on all sorts of contracts and legal documents, so why can't they also be taught to use PGP to sign public keys?

Re:Can a central repository bring security?

[Eisvogel]

I've always thought that would be an obvious Digital Age upgrade to the services provided by notary publics. Their seal is already valid on all sorts of contracts and legal documents, so why can't they also be taught to use PGP to sign public keys?

As far as I know are digital notary signares are valid in Germany.

http://www.bsi.bund.de/literat/faltbl/F10Elektroni scheSignatur.htm (in German)

Re:Can a central repository bring security?

[FirstTimeCaller]

...if that new person's key was signed by Alice, whose key was signed by Charlie, whose key was signed by Bob, whose key was signed by you...

If you go back far enough, I think you'll find that the key was also signed by Kevin Bacon.

Re:Can a central repository bring security?

There is no real concept of blindly trusting a new person in real life. GnuPG does not magically change this.

Excellent point. Everyone seems to be enamored of PGP because they assume it will everyone to talk to everyone else without fear of reprisal or snooping. But that just isn't the case. No one in their right mind would take to a large majority of people on earth about their private thoughts or possibly dangerous anti-government sentiment. PGP can guarantee nothing that isn't guaranteed by existing human relationships. Suppose you want to use PGP to construct a secure communications network between agents attempting to overthrow a government. It's still possible for any one of those agents to be a double agent, and being able to individually identify them doesn't alter that fact in the least. PGP is, at best, a way to identify possible spoofing and MITM attacks and automatically handle key management. It's a tool, nothing more. If anything, Freenet is more powerful, since it offers (some) anonymity. But it will never be useful if it's only run by a few individuals who would be suspects anyway. Freenet combined with PGP is useful, but steganography in usenet posts is probably about as anonymous anyway.

What people want, I think, is a way of finding people they agree with and *can* trust, which PGP is not. I would say the best method for doing that is to have a fully anonymous communication mechanism. That way anyone can say what they want, and anyone can agree or disagree without reprisal. Those who agree with each other can then begin posting signed posts to establish their identity, and off-line methods of identification can be established. If people are worried about the government interfering at this point, they would to well to consider what they are actually trying to accomplish by communicating with other people. If they are trying to simply find like minds to vent about problems, purely anonymous communication will suffice. If they want to make clandestine plans with each other, they should consider the much more likely possibility that the other party is a government agent, instead of the low probability that the government is reading their emails. It has always been easier to inject real humans into secret societies than it has been to intercept messages between members of a secret society.

Re:Can a central repository bring security?

[lamber45]

Assuming the email address isn't spoofed...

That's what Sender Policy Framework and DomainKeys are designed to stop.

The expense of verifying real-world identities is why there aren't free SSL certs out there...

Actually, CAcert gives out free SSL certificates, if you can successfully interact with their web of trust.

Now, the PGP Global directory could certainly be subject to man-in-the-middle attacks if a malicious third party can actively read and respond to at least some of your incoming e-mail. That party could upload a bogus key and respond to the confirmation-request for you, then read things sent to you. Of course you'd find out when you saw strange unreadable signed messages coming to your account...

I also don't like the essage I got from the beta keyserver after I submitted my key today:

To ensure that your PGP software trusts keys verified by this directory, you must download and trust this directory's Verification Key.

Download the Verification Key

After downloading, import the Verification Key into your PGP software. Then, sign the key with your key and mark it as Trusted. Please see the documentation for your PGP software for specific instructions on trusting a key.

The directory seems like a highter-quality way to get keys, but I don't want to trust it *that* much; on the other hand, the Key Verification Policy seems to cover the same concerns that have been expressed here.

OT: WOTSAP

[m50d]

I've found that the pgp wotsap has been down recently. Is there any other site that will do the same thing, i.e. find a path from my key to a key I want to trust?

Keyserver Summary (Article Link Text)

[shaneh0]

New PGP Global Directory

The PGP Global Directory is a free service designed to make it easier to find and trust the universe of PGP keys. The PGP Global Directory replaces the current public PGP Keyserver, facilitating worldwide key management and access for all PGP users. Following are the main features and benefits of the new PGP Global Directory:

* Verified directory of PGP keys Every 6 months, PGP Corporation will notify the email addresses associated with the keys in the PGP Global Directory to verify users' desires to have their keys publicly available.

* Increased trust Users will be actively managing and verifying the availability of their keys in the PGP Global Directory so other PGP users will know that available keys have been validated within the last 6 months.

* Automatic posting of PGP keys Users no longer have to take the manual of step of posting a new key to the new PGP Global Directory. Active users' keys will be automatically migrated to the PGP Global Directory, increasing the likelihood of receiving encrypted messages from other PGP users.

* Default searching of the PGP Global Directory Future releases of PGP products will automatically default to searching the PGP Global Directory. If a PGP key is posted publicly, PGP products are designed to find it.

* Easier to send encrypted messages Another option introduced in new PGP products is to automatically encrypt a message if a PGP key is found. This new functionality makes it easier for the worldwide community of PGP users to send and receive encrypted emails.

For complete product information, download the PGP Global Directory data

A Big Step...

[shaneh0]

Perceived Value is very closely tied to percieved scarcity. As people begin to *realize* that their privacy is as scarce as it actually is, people will begin to value their privacy ergo encryption.

Feeding that will be dirt simple encryption applications that make it so EASY to encrypt and decrypt that you might as well do it. (Like, for example, the application I'm finishing right now but refuse to plug until it's released)

The biggest problem now is that if a developer wants to include Public Key encryption abilities in has app he has to create an entire key management system and force users to gather the keys of all their contacts manually because there's just no other way. How many users are going to do that for a program that they only kinda think they need?

If you want the answer to that question, look at the percentage of users who currently encrypt any large part of their communication (SSL excluded?)

A new way to thwart spam filters!

[Huh?]

Imagine if spammers start encrypting their spam with the recipients own PGP key. It would be impossible for content based spam filters to classify the e-mail (pre decryption).

I suspect the lack of PGP adoption, the overhead of getting and maintaining the PGP keys, and the increase in time and system utilization of encrypting the messages would make this unlikely. It's a chilling thought none the less.

Re:A new way to thwart spam filters!

[MindStalker]

But PGP encryption takes CPU time. This would be simular to the hash-cash mentioned earlier. They would be able to send significantly less emails and it would cost them more money to send.

Re:A new way to thwart spam filters!

[apdt]

It also means that they would have to send a different message to each recipient, as opposed to just listing lots of addresses in the RCPT To: field. This would vastly increase the bandwidth required to send the messages out.

Re:A new way to thwart spam filters!

[raxx7]

Actually, no.
Like most other aplications of public key criptography, it uses symmetric criptography to encrypt the document with a random session key and public criptography to encrypt the session key.
The most common reason is performance: symmetric chipers are much faster than public key ones.
But it also allows PGP to efficently encript a document in such way it can be read by more than one person. It just includes an encripted version of the session key for each recipient.

Re:A new way to thwart spam filters!

[apdt]

Yes, but the session key still needs to be encrypted with the recipients public key. This means that for each recipient the message will be different. Therefore they have to send one message per recipient, as opposed to sending one message with lost of recipients.

I was hilighting the impact it would have on the bandwith required rather than the CPU time involved. Spammers currently offload the bandwidth required onto downstream mailservers (open relays etc...), but if they're encrypting the messages they need to send out one message for every recipient, which will vastly increase the bandwith they use, and therefore their costs.

Re:A new way to thwart spam filters!

AFAIK you can attach more than one encryption of the session key to a message so that all the recipients can read the same encrypted copy.

Re:A new way to thwart spam filters!

[GekkePrutser]

Imagine if spammers start encrypting their spam with the recipients own PGP key. It would be impossible for content based spam filters to classify the e-mail (pre decryption).

Yes, but you can still see the sender's address and the subject.. If this is someone you don't know you'll have a good idea it's spam..

Besides, it wouldn't be too hard to make a desktop-based spam filter that just decrypts messages just like your mail reader does.. If PGP/GPG ever really take off, that is the next logical step.

YRO?

What the heck is this article doing in Your Rights Online? There's no legal/government issue here...

The baby Jesus

"Dead keys age off the server, and you can even remove keys if you forget the passphrase.

Thank Jesus."

Every time you forget your passphrase, you make the baby Jesus cry.

Your PC

[nurb432]

All they have to do is impound your pc. Then they will find that you have PGP installed... a violation.

The suspicious traffic will be enough to get the warrant...

Once it becomes illegal, we are screwed...

Re:Your PC

[NardofDoom]

How big is PGP? Could it fit on a floppy? Could said floppy be destroyed? How about a passcode you have to enter, and if you enter it wrong it'll burn anything naughty on your system.

The government will soon realize that we are smarter, faster, and more adaptable that it can every hope to be. Then it will have us hunted down and shot.

Re:Your PC

[bfree]

Well if your mad enough, you could (probably I haven't tried it) use Knoppix/Kanotix or a similar livecd (stock so the presence of the tools suggests nothing) and store your key and sensitive information on a encrypted loopback fs. You could even put extra encryption/stenographic software inside the loopback fs using something like klik. The only problem is that somewhere unecrypted has to be your code to "destroy the loopback fs if the wrong password is entered" and I can't see that becoming too common so it'll probably always be your own hack and as long as they can find that they have something to "accuse" you with. If a livecd or similar existed that did this (and it's raison d'etre was something else so just using it wasn't enough to point the finger) they'd probably have lots of complaints from people who typed in the wrong password by mistake! As for simply fitting PGP on a floppy, pick a system that comes with the tools by default then their presence won't do anything to implicate you not matter how suspicious the investigator.

OpenPGP set to become global standard

[Mstrgeek]

well done wrtie up on this topic

http://www.itweek.co.uk/news/1118258

Convenience

Er...no.

First of all, they are NOT talking about centralizing the ISSUING the keys, or restricting who CAN issue keys. You self-generate keys as before. Your "big bad central authority" concern is not valid.

What they are talking about is centralizing the part of the process that is SUPPOSED to be public--the public keys. This is for CONVENIENCE of the sender/recipient. It's not REQUIRED that you list your key--it just makes the process of finding public keys easier.

You can not list your key and exchange it privatly if you so choose--no one is talking about making software that won't work that way. It's simply giving PGP/GPG users the OPTION to list their public key in a repository, so that they don't HAVE to mail a key to each correspondant.

And this is nothing that's NOT already done today in other various repositories--all this is doing is giving users the convenience of having only one place to look, plus knowing that they've got the right key.

No one's making you play. No one's making a certificate authority. No one's forcing you to register. No one's making your software stop working. They're just trying to make it easier to use PGP/GPG, the same way the phone book makes it easier to call people if you don't have their number.

Please take off the tinfoil hat. Your concerns would be valid IF they were doing what you seem to think they're doing. But they're not.

Re:Free, for now?

[Frank+T.+Lofaro+Jr.]

So how soon before Google offers an uncrippled version of Google Groups for a fee?

It's in beta.

[lorcha]

B-E-T-A. Obviously the final rollout will be more robust.

One word

[lildogie]

> Is there any way to acutally prove that a message is encrypted,
> as opposed to being just random garbage data that two people
> happened to mail to each other?

Torture.

Re:One word

[archnerd]

There's actually a term for that. In cryptology, the reality of the weak point of any sufficiently good cryptosystem being the key owner's suceptibility to physical force is called "rubber hose cryptography".

Good idea, but flawwed...

[MoogMan]

Its a great idea, however there is still a single point-of-failure. Maybe a P2P-style system would be advantageous for this service instead?

Re:Good idea, but flawwed...

[EnormousTooth]

Why, exactly, would you want to give the power to change your public key to a complete stranger?
Wake up, folks, P2P isn' t the solution to everything.

OT: Flaw in GNOME image handling

http://news.com.com/Linux+groups+patch+image+flaw/ 2100-1002_3-5484080.html?tag=nefd.top

This presents problems with the trust path.

[molo]

Dropping keys from the keyring presents problems with the trust path. For example, A signs B's key. B signs C's key. A now has a trust path to C. If B is dropped from the keyring, no new users can authenticate that trust path. With the current scheme, if N signs A's key, N would now have a trust path to C. With the new scheme, the link to B and C is broken because he can't retrieve B's key.

Having an email address expire is not a reason to no longer trust a key.

-molo

Re:This presents problems with the trust path.

Not true, it is imperative that it be possible to revoke trust in keys. When an imposter is detected, the key needs to be both removed as well as any trusts they created to other keys. Not only that, but you don't want ancient trusts lying around forever, trust is a dynamic thing, and trust networks change. Forgetting old trust only means that it must be re-established every few years. That's a good thing.

Gmail and GPG

[rayde]

I'd be very happy if Google implemented a gpg layer to their gmail accounts. This could be fairly transparently to the user, unless the encryption and decryption was done locally. But even if it wasn't, it would still add another layer of protection.

Perhaps a pay version of gmail in the future will include SSL and use something like gpg in their messages.

Re:Gmail and GPG

[lachlan76]

Ummm...Gmail already has SSL.

Question

[AmberBlackCat]

I know very little about PGP encryption. I'm wondering, if there is a database of keys that can be used to read the mail then can the government just make the PGP guys hand it over and suddenly be able to read everybody's mail?

Re:Question

[flynn_nrg]

No, all they have is your public key. That key can only be used to encrypt stuff. Since you're the only one who has the private key and its pass phrase, only you can decrypt it. That's the point of public key cryptography. :)

who needs keys...

[hey]

... just use fake PGP

Gnupg and enigmail

By coincidence, I just set up gnupg
and enigmail for thunderbird yesterday
on my windows box. Took a few grungy steps
to get it all together (no nice installers
for the uninformed) but it looks like I am set
to go. I also registered myself at pgp.mit.edu
with a simple cut and paste... Why would I want
to use this service?

If only encryption was the default option...

[mu22le]

If mail apps signed messages by default and included encryption in an easy and trasparent way, people would start to get accustomed and use it.
I'd really like mail encryption to work as easily as ssl in browsers (but, hopefully, offering some more security).
I advocate Enigmail to become part of thunderbird and to have tb create keys for you when you create an account and sign message by default. If a recipient is found to support crypto (it uses tb or signs its emails) the app could even bother you asking if you want to send secure message.
This thing could be cool enought to get Outolook to follow the trend.
Oh, by the way, look at how many thing Outlook mad us swallow just by making them default (HTML mail for one)

real security is not telling the address....

... i often needed to create keys for supersecret endeavors, and god forbid, that you attach your real address/email with that, so everbody would know at least who will be communicating with whom.

the real security lies with the keys whose purpose isnt revealed.

for example high security networks and real life people could post keys that only reveal the public key and fingerprint, arent signed by anybody else or at least only signed by other keys that dont reveal their meanings, so their identity, people, organisations and purpose are completely hidden.

good means for security/government/osama/army/military/partisan/f reedom/humanrights/misc forces to communicate securely and properly without others even noticing a bit about identities.

knowledge is power, and less you reveal to the feds/opposition/rebels/communists/capitalists/evil doers/aliens the better you are off.

just think about it.

NSA

I thought the NSA already had a global repository of PGP keys? OOPS, posting to the wrong computer.

no Antispam effects!

[Eisvogel]

What are botnets for? Spammers don't care about computational expenses - they "use" other peoples resources!

** APPLAUSE **

Well said. Anyone who thinks a C-R system is a good idea simply doesn't understand what they are doing. I also do what the GP does - respond to C-Rs that I get due to joe-jobbing or the virus du jour.

And in case any C-R users wish to respond, here in a nutshell is why C-R is explicitly worse than useless : You receive a bunch of mail. Some of it may be whitelisted, some of it may be blacklisted. Some of it may be rejected outright due to eg SpamAssassin. Some of it may not be accepted in the first place due to RBLs. Whatever, at the end of all that, you have a body of messages for which you have to decide what to do. Instead of just facing up to that burden and delivering the message (or not), the C-R user passes that burden back to the purported sender. Most all of the time this is an innocent third party. So a C-R user's burden may go down, but only at the expense of the wider net community. It's ignorant and wasteful, and is little different than the modus operandus of spammers : let other people bear the cost of my own selfish actions.

If you're using a C-R system you are hardly any better than a spammer.

I wish PGP was more popular

[aoptik]

Most of society does not use any method of encryption. I would like to send private messages to my friends encrypted but no does. If not encrypted signed to make sure i am who i say i am. The last place I worked had a policy to use PGP encryption on all emails, but for the normal computer user and I would think some organizations will not encrypt email or anything for that matter. I think OpenPGP and PGP Commercial needs to do a better job marketing their product. I wish everyone could use PGP but I think I will have gray hair before I will see that.

...future for PGP? YES! Here's Resources!?!?

[QuietRiot]

Does anybody know of a good clearinghouse with information on plugins for a variety of mailers I could send my dad, high school friends, or grandmother to?

Anybody know of a list out there that collects information on how to secure your email, what's it's all about, and general key maintainence issues (for "the everyday net user")?

WinPT :: Windows Privacy Tray is a good place to direct your friends still using windows.

I'd like to be able to say to a friend: "Here's my key. Go to keepitprivate.com and find a plugin for the email software you use. Then next time you send me some email, just be sure to put it in an "envelope" (it just takes one extra click or can be set to happen automatically). You don't even need to lick a stamp! I value your privacy as much as I hope you value mine!"

I think a resource for mail administrators on how to add TLS capabilities to their SMTP handlers could be healthy for the net as well. On there would be step by steps on how to TLS-enable sendmail, postfix, qmail, proprietary-this, and proprietary-gateway-that. My SMTP traffic is opportunisticly TransportLayerSecure. Is yours?
Red Hat :: Sendmail
:: Exim
:: Qmail

If you're running Postfix you've got little excuse to not be running TLS.
http://article.gmane.org/gmane.comp.encryption.gen eral/979

Get a free server certificate from cacert.org If you haven't already you should add their Root Certificate to the list your browser accepts. They will also remotely sign your PGP/GPG keys and issue free S/MIME certificates as well. Very cool, totally free, and a distributed trust model rather than a top-down, it'll-cost-you-$199.00-for-an-SSL-cert model.

For more keysigning fun DO NOT MISS http://biglumber.com/! Find people nearby and extend your web-o-trust.

Host a keysigning party at your next LUG meeting.

You can get a email-address-verified signature at http://www.imperialviolet.org/keyverify.html

Learn about using subkeys.

- - - - - - GPG keys -- The new web. - - - - - - -

Re:..future for PGP? YES! Here's moreResources!?!?

[QuietRiot]

DROP TEXT :: Email People

(Sent this a few days ago to my ISP and family members - thought it might be useful to some /.ers or otherwise... Forward At Will )

=Cy

:: E M A I L ::

Do consider Thunderbird

http://www.mozilla.com/products/thunderbird/
http://www.mozilla.com/products/thunderbird/why/

for both yourself and your clients. It's really a wonderful product
and has spam handling built right in. Unlike Outlook(TM) it is open
about where it keeps your email (not hidden and difficult to export)
and is not so susceptible to worms and email nastiness such as scripts
that run without hindrance. Many a spyware app has been installed
further contributing to the spam problem due to people running just
that piece of software. Don't help the spammers. Reclaim your inbox.

It supports Enigmail: ( email envelopes you don't have to lick! )

http://enigmail.mozdev.org/
http://www.moztips.com/index.php?id=87
http://dudu.dyn.2-h.org/nist/gpg-enigmail-howto.ph p

I've attached my public key [ 0xYOUR_FINGERPRINT ]. I prefer to receive
secure mail. I've got nothing to hide, but I don't like using
postcards for all my USPS correspondence either. Regular email is
like using postcards on the internet. Any postal worker along the way
can take a look ( have a look at email "headers" sometime; every hop
you see is a place where your email is stored on a hard drive. )
Please use an envelope when communicating with me. Won't even cost
you a stamp. I value your privacy as much as I hope you value mine.

Privacy tool for Windows: (supports Eudora, Outlook, Clipboard)
http://winpt.sf.net

There's no need to keep my public key a secret. Feel free to give
it away or put it on a telephone pole; write it in the sky if you'd
like. It's available on the web. The more people that have it the
better. Use it to seal your envelopes when sending me mail. I've got
the only other matching key (my private key, opposite the public key
I've given to you) that allows me to unlock the envelope. You can
even lock an envelope so that multiple people can unlock it on their
own, but nobody else can read what you've sent them.

You can also find keys for me here:

http://www.biglumber.com

Please try it out. Be glad to help you get started.

:: W E B ::
If you haven't heard of the Firefox web browser yet

http://www.mozilla.org/products/firefox/

download it and check it out. Then look into the Extensions under
tools. Fast, far more secure than IE and extremely standards
compliant. Lots of tricks up it's sleeve in the way of Extensions,
themes, etc. Introducing this to your clients might be worthwhile as
well. The less spam and junk they've got clogging up their machines,
the less you'll pay for bandwidth, etc. Worth a look.

Thunderbird will import from Outlook. They just had a major release.
Even though this is version 1.0 it's not like a "typical" 1.0 release.
In the opensource world projects often start out with very low version
numbers. It's not uncommon to see something like v0.3.22 for very
usable and extremely bug free pieces of software.

Anyway it's really nice - though it doesn't have the calendar and palm
integration. That you'll need to weigh. Mom however doesn't need to
be on outlook....

=====[ http://www.mozilla.org/products/thunderbird/releas es/ ] =======

Comprehensive Mail Migration from other Mail Clients

Switching to Thunderbird has never been easier since Thunderbird can
now migrate all of your email data including settings, mail folders

gnupg plugins for outlook

Can anyone recommend any good open source gnupg plugins that allow for usage with outlook?

spare the satirical or condescending remarks, I have to use outlook for work.

Thanks!!

What unshared features?

[MrZaius]

Can someone explain what these Gnu/PG features that aren't in PGP are, and what they have to do with the key database?

Re:What unshared features?

[Gemini]

Can someone explain what these Gnu/PG features that aren't in PGP are, and what they have to do with the key database?

Little stuff that can be annoying if you suddenly are incompatible. OpenPGP allows multiple photo IDs per key, and PGP only allows one. OpenPGP allows subkeys that can make signatures or encrypt, and PGP only allows subkeys that can encrypt. Stuff like that.

These things are part of keys, and if the keyserver is written to assume PGP-generated keys, it might not support them.

PGP in forums

[Calroth]

I've often wondered why forums don't support PGP directly. Scenario:

• You want to post on Slashdot.
• You click "Post" and paste in a PGP-signed message.
• Slashdot verifies the signature and puts "Verified" or a lock icon in the message header. Also makes available the original text. Maybe gives you a karma boost ;-)
• You don't need to log in, as Slashdot checks the signature against the PGP public key you have on file.

Could work with a lot of other forums out there. Never tried coding it myself, but the technology is certainly there.

Re:PGP in forums

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think this is an excellent idea.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBuRknkeetBuAdnkIRAmL9AJsFmyd UpVhpk7uVmOAS9QdLTaAhaQCgubki
62MUFRoChQL3iYaSPdn Hg6o=
=x4R8
-----END PGP SIGNATURE-----

Re:PGP in forums

[Ramses0]

That's pretty cool...

--Robert

$ gpg --verify test.txt
gpg: Signature made Thu Dec 9 21:33:59 2004 CST using DSA key ID E01D9E42
gpg: Good signature from "David Lee Lambert (born May 1979 in California) [lamber45@cse.msu.edu]"

Re:PGP in forums

[enigmathegreat]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That's one of the most interesting serious ideas I've ever heard on
slashdot. I only have one problem with it, though: What impact will it have
on the servers? I imagine that would add considerable overhead to every
post operation.

-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/

iQA/AwUBQbpWT6oVgopboHGhEQKToQCfR1/tuxhXpe+P+5Vz ho OE01ICk34AoKrx
RJtSgRICdVwFU1raFj8W1z15
=bz+Q
- ----END PGP SIGNATURE-----

subverts PGP security model

[hephro]

After verifying an email address I got this:

After downloading, import the Verification Key into your PGP software. Then, sign the key with your key and mark it as Trusted. Please see the documentation for your PGP software for specific instructions on trusting a key.

In other words: they expect you to trust them based on the X.509 certificate they present... I hope people realize that with the inclusion of dozens of CAs in common browsers etc. this totally subverts the idea of a web of trust. -Hein

just a quick question...

[djeddiej]

Hi, I dabbled with PGP back in the late nineties but never really maintained using my keys due to lack of purpose or use....Do people here feel that this is going to make some sort of dent in the consumer market? A lot of people who I deem "computer average" are not even aware of PGP... just my thoughts.

Something like:

[Chuck+Chunder]

curl http://slashdot.org/ | gpg -se -r Bob

(this is a joke, I have no idea if that's a valid way of invoking GPG)

so you're talking about..

[Suchetha]

.. encrypted IRC??

atb

Suchetha

Re:Free, for now?

The very moment when their golden days start waning. Right now they don't need to.

If they ever need money, that's what they'll do. They're a corporation, not for the common good. Now I do think that they won't run out of money that easily, especially with the government TIA connection, but nevertheless.

Google groups is a bit different than a PGP keyserver. You'd like the keyserver to be there always, it is very convenient. As for Google groups, you can just read your groups off Usenet like normal people, and stop bothering with it. Not having it doesn't mean much.

Parent's broken; Additional info and links!

[QuietRiot]

See my other post with links on how to setup TLS for your mail server, more info on building the web-of-trust, and GPG downloads for your windows friends.

http://yro.slashdot.org/comments.pl?sid=132181&cid =11046941

Also note that the ======== http://link ======== at the end of the parent post has been mangled by Slashdot Submissions Co. and should be fixed before forwarding it on to your friends, or posting anywhere. Broken links have never impressed anybody.

WTF - Here are some links from the link above again. Sorry about the bandwidth wastage but I think it's worth people seeing as practices contained within are sure to benefit us all (in Utopia - yay!)

[--snip-- (abridged) ]

WinPT :: Windows Privacy Tray [sf.net] is a good place to direct your friends still using windows.

I think a resource for mail administrators on how to add TLS capabilities to their SMTP handlers could be healthy for the net as well. On there would be step by steps on how to TLS-enable sendmail, postfix, qmail, proprietary-this, and proprietary-gateway-that.
:: Sendmail
:: Exim
:: Qmail

If you're running Postfix you've got little excuse to not be running TLS.
http://article.gmane.org/gmane.comp.encryption.gen eral/979

My SMTP traffic is opportunisticly TransportLayerSecure. Is yours?

Get a free server certificate from cacert.org If you haven't already you should add their Root Certificate to the list your browser accepts. They will also remotely sign your PGP/GPG keys and issue free S/MIME certificates as well. Very cool, totally free, and a distributed trust model rather than a top-down, it'll-cost-you-$199.00-for-an-SSL-cert model.

For more keysigning fun DO NOT MISS http://biglumber.com/! Find people nearby and extend your web-o-trust.

Host a keysigning party at] your next LUG [debian.org] meeting .

You can get a email-address-verified signature at http://www.imperialviolet.org/keyverify.html

Learn about using subkeys .

- - - - - - GPG keys -- The new web. - - - - - - -

[--snip-- (abridged) ]

sorry, to burst your bubble...

[danalien]

... I don't know from what rock you are crawling under from...

but, SpamAssassin 3.x, ain't that good. Though it's not in any way bad. Just that it's not that good-good, that it can effectively protect you against 100% of all da' spam that's thrown at you.

... so if you're not seeing false-positives/false-negatives... then it's coz' your one lucky son of a b1j47(|-| :-)

PS. I'm using SpamAssassin 3.0

Re:sorry, to burst your bubble...

[YetAnotherDave]

SA 3.0 with mostly the same rule-weight changes as 2.x, and a LOT of mail to train on.

I've been religious about keeping it trained with spam/ham, which helps a lot. I have a 4500+ message spambox, which I'm happy to share for your training..

The only false response I've had in the last few months is a message my granny sent me in all caps got flagged as spam. That's why there's a whitelist feature...

I never said it was perfect, I meant that the small amount of checking I have to do is less trouble than the stuff I used to do (rotating dummy accounts etc).