Chaos Computer Club, Others Scoff At German Email Security Move As "Marketing"

The move on the part of three large German ISPs to provide more secure email, marketed as "Email made in Germany" (Deutsche Telekom's part specifically was mentioned here yesterday), has drawn sharp criticism from security experts, according to a report at Ars. Among those experts are members of the Chaos Computing Club, and GPGMail lead Lukas Pitschl, who responded to the move from Deutsche Telekom, GMX, and Web.de to encrypt all email in transmission with SMTP TLS : "'If you really want to protect your e-mails from prying eyes, use OpenPGP or S/MIME on your own desktop and don't let a third-party provider have your data,' he told Ars. 'No one of the "E-Mail made in Germany" initiative would say if they encrypt the data on their servers so they don't have access to it, which they probably don't and thus the government could force them to let them access it.'"

Re:pgp

[MichaelSmith]

What then?

Its a start

[maas15]

It's a start, at least the passwords are safe... there's a tendency for security communities to scoff at nearly any half improvement

Re:Its a start

No, it's not a start, it's a backwards step. This gives people a false sense of security, when in reality they have none.

Re:Its a start

[fustakrakich]

This gives people a false sense of security...

That's the idea!

Re:Its a start

[Dan541]

It's a recurring problem in the IT industry. Anything that isn't 100% secure gets dismissed.

SMTP TLS goes a long way towards making email more secure. So long as the providers aren't pretending they are unable to hand it over to law enforcement (encrypted on the server) then it isn't a problem. User education is the key.

Re:Its a start

[Opportunist]

A start, yes. Whether it is in the right direction is debatable.

The problem is that things today are marketed as absolutes. Just like in this case. IT IS SECURE is bull. And the ones providing it know it. It's a better choice than many alternatives, yes, but you know how people will react to it. Just like they did to antivirus and firewalls. I have antivirus, so I needn't be wary of infections anymore, the antivirus will take care of that!

Sadly, that's not the case. And people will react in similar ways here. Because they don't want to deal with security, they want someone else to do it for them. If there is not somebody like this, they will, at least maybe, be vigilant. If there's someone promising them privacy and security, they'll rely on it.

Re:Its a start

[gmuslera]

In fact, the start is that is hosted in Germany, the host don't have to blindly give everything to the US government (what must do if the users are german for US based internet services). That the content, going to another server outside Europe could be intercepted and decrypted or not (or done on target as the mail comes from a non US citizen), is a different problem.

Re:Its a start

[Dan541]

SMTP TLS does absolutely nothing for security if even one provider in the chain doesn't use it.

Nobody has claimed otherwise.

SMTP TLS is for securing traffic between servers, no one has said that it will prevent your provider from being complicit in handing over your personal data or that it will protect you if NOT used. Not sure why you felt the need to point out the obvious, BTW did you know an empty Fire Extinguisher won't help you to fight fires?

SMTP TLS does protect email the fact that it doesn't provide 100% anti-james-bond security doesn't make it useless. Is the lock on my front door useless, since it won't stop a sledgehammer, crowbar, chainsaw or law enforcement?

Of course it does become a problem if someone touts it as offering more secure than it really does, but this is also a problem that exists with physical security. Yet we don't so readily dismiss our wooden doors, glass windows and cheap residential locks.

Re:Its a start

[pizzap]

Oh, but that's exactly the point here. I guess these three providers handle about 80% of germanies email traffic.

So a lot of mail traffic went directly from T-Online to Web.de. And these three companies were unable (or unwilling) to activate TLS in their configs until now.

Re:Its a start

[ogdenk]

1.) SMTP TLS has been around for a while.

2.) It can be used to encrypt traffic between client and server and serverserver assuming one end isn't using some 15 year old MTA or is too lazy to set up TLS.

So no, it's not a backwards step. It helps prevent sniffing e-mail traffic on the local LAN from client->server at least and most of the time serverserver. It's more like they are 15 years late doing something that should have already been done. It does NOT help with mail stored on the server so if it's hacked/siezed you're still screwed.

The biggest problem is the NSA is basically trying to render SSL/TLS useless by bullying CA's into handing over keys.

The NSA has shown us the most basic weakness with TLS/SSL recently. Really, until everyone starts using GPG or SMTP is replaced with something more modern, there is no such thing as comfortable end-to-end e-mail security.

But you're right, they shouldn't try to instill a sense of false security but that's not the same as NO security. SSL/TLS does really help and any mail provider that doesn't support it by now should be considered insane and possibly blacklisted.

Think about it though, if they came out and told the public "we're spending a bunch of money and resources to help e-mail security out a little bit so people can have a slightly smaller chance of reading your mail" they would get screamed at.

Re:Its a start

[msobkow]

I pointed it out because apparently it's not obvious based on the high rating of the post above mine. Were it "obvious", no one would make such ludicrous claims about how good SMTP/TLS is at securing your email.

Security is only as strong as it's weakest link. Everyone in the industry knows that. Yet some BS artists continue to perpetuate the myth that because an optional component for securing data exists, the data is secure. Anyone with a functioning brain cell should know better, so apparently some people don't have them.

Re:Its a start

[Dan541]

Nope, security.

Feel free to point out where I'm wrong.

So what ever became of public key escrows?

[goombah99]

When public key encryption first came out in the late 70s, the promise was we would all have escrowed public keys. A public key would be linked to an e-mail address in the same way a DNS server connects a URL to an IP. I woul dnot need to know your public key ahead of time, my e-mail client would quietly fetch it for me using your e-mail address, and then encrypt the message.

So basically by now all e-mail should be encrypted by default if the future had panned out the way everyone thought in 1976.

All that's missing is ubiquitious public key servers and a universal protocol for binding a key to an e-mail. We do this a zillion times a day for DNS, so it's not technologically difficult.

Why didn't it happen?

Re:So what ever became of public key escrows?

[MichaelSmith]

All that's missing is ubiquitious public key servers

We have that now. The reason I haven't set it up for my mother is that she uses gmail and her email is stored by google in plain text anyway.

Re:So what ever became of public key escrows?

[icebike]

So you haven't found key servers yet?

Why not try on line at http://pgp.mit.edu/

Re:So what ever became of public key escrows?

[goombah99]

All that's missing is ubiquitious public key servers

We have that now. The reason I haven't set it up for my mother is that she uses gmail and her email is stored by google in plain text anyway.

No we don't. Or if I'm wrong then please point me to the information I need to configure this transparently on an e-mail imap client. To be useful it needs to be invisible so no matter who I'm sending an e-mail too it doesn't matter if they have a public key or not. Likewise if someone is sending me an e-mail my client needs to be able to handle it regardless of being encrypted or not without my intervention.

SO what clients do that? and what public escrow do they use?

Re:So what ever became of public key escrows?

[icebike]

Google wouldn't store her email in plaintext if she didn't hand it to them that way.
Stop using a web browser for a mail interface.

Re:So what ever became of public key escrows?

[goombah99]

So you haven't found key servers yet?

Why not try on line at http://pgp.mit.edu/

Yes there are manual plances to cache keys. But the point is, this is manual. one needs the e-mail client to do this invisibly or it can't become the default.

Re:So what ever became of public key escrows?

[MichaelSmith]

I use the enigmail extension for thunderbird. It transparently handles the encryption and decryption of messages. It looks up PGP keys on key servers for recipients of the messages I send. I store my key on pool.sks-keyservers.net

The choice of key server is entirely up to me. It is not built into enigmail.

Re:So what ever became of public key escrows?

[goombah99]

Google wouldn't store her email in plaintext if she didn't hand it to them that way.
Stop using a web browser for a mail interface.

One could easily use a web browser interface provided that the decode is done in the javascript on the client's computer, not back at google HQ. You could do this in the same way that most browsers will store your passwords and autofill forms. Just have a protocol that allows a decode based on locally stored key (or at least locally unlocked access to a remote key) done in such a way that the ava script never gets the key, just the decoded result.

Re:So what ever became of public key escrows?

[MichaelSmith]

The enigmail configuration has a keyserver setup UI with defaults loaded, which makes the upload of keys quite easy. If we are not at the point where my mother could do it, then we are close.

Re:So what ever became of public key escrows?

[MichaelSmith]

Stop using a web browser for a mail interface.

Well yeah but web mail is used by many people for its convenience. People rely on it for cloud storage. Telling people to stop using it won't make them stop, not easily.

Re:So what ever became of public key escrows?

[MichaelSmith]

I fear that javascript will not be secure as long as it doesn't have namespace support. There is currently no way I can see to unambiguously authenticate javascript code so that it can be trusted with secure data.

Re:So what ever became of public key escrows?

[goombah99]

I use the enigmail extension for thunderbird. It transparently handles the encryption and decryption of messages. It looks up PGP keys on key servers for recipients of the messages I send. I store my key on pool.sks-keyservers.net

The choice of key server is entirely up to me. It is not built into enigmail.

Cool. But this isn't really fixing the core problem of universality. If everyone uses a different key server, then I have to know what key server someone used to send them an e-mail (and vica versa). We don't have that problem with DNS. every URL gets resolved. the DNS servers push out best guess routing tables. The whole internet is transparent to the user just given the DNS and a URL. It should be that way for e-mail.

Ideally you could imagine that the DNS resolver would also resolve translation of the e-mail address to a public key. It could cache the keys itself, or know what key server to query. The problem with that idea perhaps is that there are more e-mail addresses than URLs. So what you want to do instead us have the url in the e-mail address proivide the service.

THat is, if I want to send an e-mail to foo@hotmail.com then my client query's hotmail for the public key for foo. If hotmail decided not to particiapte the DNS could provide an alternative address for a catch-all server of keys.

But I just don't see how this works if everyone is using a different service provided for their key. How can my client know what to do??

Re:So what ever became of public key escrows?

[goombah99]

The enigmail configuration has a keyserver setup UI with defaults loaded, which makes the upload of keys quite easy. If we are not at the point where my mother could do it, then we are close.

But this requires I know the keyserver used by every person I might e-mail. How do I know that ahead of time?

Re:So what ever became of public key escrows?

[MichaelSmith]

There is an online pool of key servers with a limited number of entry points so that each client knows which servers to search for keys. It is very reliable and I have never had to manually search for a key to exchange messages with a person. Finding the keys isn't the problem. Complacency is. I recently worked with a group of security conscious people who had PGP set up. I encrypted all the messages I sent to them initially but they sent their replies in plain text so I gave up.

Enigmail here searches pool.sks-keyservers.net, subkeys.pgp.net, sks.mit.edu, ldap://certserver.pgp.com

Re:So what ever became of public key escrows?

[MichaelSmith]

The enigmail configuration has a keyserver setup UI with defaults loaded, which makes the upload of keys quite easy. If we are not at the point where my mother could do it, then we are close.

But this requires I know the keyserver used by every person I might e-mail. How do I know that ahead of time?

As I said above: there is a limited number of key servers on line and currently it is simple to locate the key for an email address.

Re:So what ever became of public key escrows?

[icebike]

The enigmail configuration has a keyserver setup UI with defaults loaded, which makes the upload of keys quite easy. If we are not at the point where my mother could do it, then we are close.

But this requires I know the keyserver used by every person I might e-mail. How do I know that ahead of time?

No, any key server will do.
And there are hundreds of them, and they all talk to each other.

Any modern email program will have a pgp plugin which will query the server for you

Re:So what ever became of public key escrows?

[goombah99]

Well this is good info. I suppose however, circling back to my original post, it's futile to try doing this till nearly everyone is using an automatic encryption by default. I can't very well send an encrypted message to anyone without a public key. and they can't send one back if they don't use a client that runs enigmail or equivalent. So I wonder out loud again, why not? Why isn't this built into apple mail.app or thunderbird or any other mail client by default. It's only been 40 years!

Re: So what ever became of public key escrows?

[ceoyoyo]

Because somebody realised it was a dumb idea.

DNS isn't secure. There are all sorts of ways to spoof it. Not that a government would bother - they'd just walk in and inform the key authority that key A was going to be, ah, temporarily replaced. Key authorities come down to having to trust some computer that's not under your control.

We DO have public key repositories. Every time you visit a site using https you're using one. They work reasonably well when a big corporation wants another big corporation to vouch for it (and also exclude anyone else who doesn't pony up the cash for the service).

For individuals it makes much more sense to arrange the key exchange yourself, or to refer to a key published somewhere that YOU verify. Am I talking to the guy who I was talking to last week? Check my list of keys. Am I talking to the guy who posted that message on that forum? Check the signature attached to his forum post.

Why doesn't everyone encrypt their messages then? Because the vast majority of people just can't be bothered.

Re:So what ever became of public key escrows?

[goombah99]

Isn't the resolution to this to simply for everyone to create their own key pair? The CA is only useful for signing a document. But I don't care about signing it. I care about sending it confidentially. So I only need to know the recipent's self-generated public key. No need for Thawte to be involved. For this to work I still need to be able to trust that the key server is giving me the right key of course (just as I trust DNS to send it to the right IP.) But thats better than nothing.

Re: So what ever became of public key escrows?

[goombah99]

Because somebody realised it was a dumb idea.

DNS isn't secure. There are all sorts of ways to spoof it. Not that a government would bother - they'd just walk in and inform the key authority that key A was going to be, ah, temporarily replaced. Key authorities come down to having to trust some computer that's not under your control.

We DO have public key repositories. Every time you visit a site using https you're using one. They work reasonably well when a big corporation wants another big corporation to vouch for it (and also exclude anyone else who doesn't pony up the cash for the service).

For individuals it makes much more sense to arrange the key exchange yourself, or to refer to a key published somewhere that YOU verify. Am I talking to the guy who I was talking to last week? Check my list of keys. Am I talking to the guy who posted that message on that forum? Check the signature attached to his forum post.

Why doesn't everyone encrypt their messages then? Because the vast majority of people just can't be bothered.

SSH has a simmilar problem and they solved this with fingerprints. The first time you connect to a remote server you accept a fingerprint. From then on, when you connect it warns you if the fingerprint doesn't match. This is protection against impersonating the host. Surely one could do the same with public keys. The first time you send a message you use the public key-server and then keep a copy locally to use in the future. Thus you only need to establish that the first communication attempt is secure, just like ssh. If someone replaces the key in the key server you can detect this change.

Re:So what ever became of public key escrows?

[kanweg]

"Cool. But this isn't really fixing the core problem of universality. If everyone uses a different key server, then I have to know what key server someone used to send them an e-mail (and vica versa). We don't have that problem with DNS. every URL gets resolved. the DNS servers push out best guess routing tables. The whole internet is transparent to the user just given the DNS and a URL. It should be that way for e-mail."

No need for new Internet protocols. You can start with this right now: Tell everyone on who is into encrypted email to do the following: Make a rule in your email client that automatically replies with the public key when the subject line reads: Public key please.

All your emails could contain the signature line: To send me a secure email, send a regular email with Public key please in the subject line. You'll receive an automatic reply containing my public key.
This tells other people that they can set up their email client to do it too for their public key.

Once this gets traction everybody will know it is part of what you do when you get into encrypting email.

Bert

Re:So what ever became of public key escrows?

Because 99.99999999999999999% of the email sent in the world is unimportant garbage and we don't care if the entire world gets a copy.

Going all out for email security for most people equates to buying a blastproof safe for your gardenhose...

Re: So what ever became of public key escrows?

[HJED]

Surely with the advent of DNSSEC it would be now be feasible to implement it on DNS. Importantly this would allow self signed certs for S/MIME as few 'normal' users will pay to get a certificate from a large company (and they are usually quite expensive).

Re:So what ever became of public key escrows?

True, but missing the point. Using a key server to get unverified public keys is opportunistic encryption: it encrypts whenever it is able and may or may not be verified. The may or may not part is important: if it is verified, then a MITM attack will be detected and thwarted; if it isn't, then the MITM might not know that and still not attack for fear of being noticed. Of course it would be best if all encryption keys were verified, but encrypting with an option to verify is a good first step and makes attacks significantly more expensive. OTR is a good implementation of this concept for IM. For something like PGP, if there is a working web of trust, then you may be able to verify a key through multiple hops of the web of trust (although then the web of trust itself is a possible privacy concern).

Of course, this all assumes desktop apps for e-mail, which aren't actually used that much (or, at least, not without also having a smart phone or web interface as well).

Re:So what ever became of public key escrows?

[icebike]

Stop using a web browser for a mail interface.

Well yeah but web mail is used by many people for its convenience. People rely on it for cloud storage. Telling people to stop using it won't make them stop, not easily.

The rationale for using web browsers for email is convenience, you couldn't have your computer everywhere, and using a Web browser was easy, because you can always borrow a cup of Web from someone to check your email.

But the world has changed since then. You don't have to borrow anymore. You carry your computer in your pocket.

Re:So what ever became of public key escrows?

[Arancaytar]

We have public key escrow servers. The problem is that since most of the world's email users are too ignorant or too apathetic to security to use them, nearly all email traffic involves at least one party who doesn't.

How would you force someone to create a key-pair for their email address? They have to create it on their own computer for it to be secure. You could add that into Thunderbird at most, and then people would be confused that they can't access their email from other machines.

Re:So what ever became of public key escrows?

[MichaelSmith]

Yes, agreed.

Re:So what ever became of public key escrows?

[fph+il+quozientatore]

Actually I think it would be possible to make a browser-based e-mail interface that decrypts everything client-side without sending any private key to the server. It just takes a bit of javascript magic. (Will we see Google implementing it anytime soon though? Doubt it.)

Re:So what ever became of public key escrows?

[SatiricComet]

1984 happened. Literally.

Re:So what ever became of public key escrows?

[AmiMoJo]

I think any new system needs to at least match webmail for features and convenience. That means accessible from any browser and with mobile phone apps, and for free. It needs to be easy to set up.

Some kind of wrapper around IMAP might work, but ideally a browser extension that just secures Gmail and Hotmail could be created. I remember there was a project to do this for Firefox, but it seemed to die as Google re-hashed the early Gmail code so often.

Re:So what ever became of public key escrows?

[erroneus]

"Standards" is why it didn't happen.

If a bunch of tech companies got together and created an email protocol set with security and privacy as the focus and completely dropped compatibility with SMTP, IMAP/POP and all that, something could happen.

Part of the trouble is that, like bit torrent, a lot of things just have to start off as non-mainstream. And if something were to attempt to start off as mainstream, it would be so corrupted by business interests that it would be just about useless.

And then there's the problem of platform support...

The way things are now, it's a lot harder to make larger sweeping changes.

Re:So what ever became of public key escrows?

[Idimmu+Xul]

I got locked out of my flat the other day, in just my dressing gown, with out my keys or my mobile phone. Thanks to 1password the only password I actually know is the one to my Webmail. I was able to go to my neighbours, check Webmail, get the contact number of my friend who has my key out of my contacts, then ring him.

Unfortunately he didn't answer so I had to spend £80 on a locksmith, but hey.. it almost worked!

Re:So what ever became of public key escrows?

[Dan541]

I use S/MIME so my signature is sent every time I send an email. It's true that the initial email exchange with any new contact will have to be sent in plain text (SMTP TLS if their server supports it), but after that everything can be sent encrypted client to client.

Re:So what ever became of public key escrows?

[kwardroid]

My emails contain my pgp fingerprint,my public keys are in DNS, my public keys are on keyservers, my keys are signed by others (thus creating a web of trust).

Re:So what ever became of public key escrows?

[Dan541]

Just about every modern email client supports S/MIME these days.

Re:So what ever became of public key escrows?

[Dan541]

Not to mention actually obtaining a client-side x509 certificate is almost impossible. So in conclusion, you're fucked, always remember that email is postcards not envelopes.

You're right, spending an entire 5 minutes to obtain and install a certificate is an utterly impossible task.

Re: So what ever became of public key escrows?

[Dan541]

Free = Expensive?

Re: So what ever became of public key escrows?

[HJED]

Non-self signed certs that are recognised by most major email applications are not free. They are usually quite expensive. Note I am refering to S/MIME not PGP, which is different but doesn't work very well with HTML. message (or at least engimail doesn't last time I checked).

Re:So what ever became of public key escrows?

[Sique]

While this is true, it doesn't help the NSO very much as those keyservers only hold your public key, and your public key is -- well -- public anyway. It would be problematic if they hold your private key as well, which they don't.

All a NSL would cause in this case is that now the secret organisation knows how to send you encrypted mail, which they could have known before anyway by just requesting your public key. They could in theory use them to start MITM attacks by putting tainted keys there, but then their key mismatches the key you would get from other keyservers if you ask them for the same key.

Re:So what ever became of public key escrows?

[Opportunist]

A very valid objection, but an equally easily fixed one: Verify the key with a second channel.

Re:So what ever became of public key escrows?

[DarkOx]

And then some other stuff happened.

Webmail - made it hard technically to do client side encryption (back in the days when CGI was all you had). It also has made it hard economically. How to do pay for your webmail offering unless you A) are the ISP charging for the line (we should probably forsake google, yahoo, hotmail and go back to this model), or B) Hard to make a buck if you can't look at the data to do target ads.

SPAM - Who wants a public list of all the e-mail addresses that are valid for their domain out there? How well would that work out. 10 years ago if MUAs had started tossing messages out that were not encrypted or signed with their users public key, it might have stopped unsolicited bulk mail. Today the SPAMers have enough computer power and bandwith to fetch the keys and generate signatures.

Re: So what ever became of public key escrows?

[Dan541]

You can get a free cert from here: http://www.comodo.com/home/email-security/free-email-certificate.php
Which I found out about after paying $50 for a 3 year cert from global sign.

I see no reason that S/MIME couldn't be made much easier to install. Preferably through a configuration wizard when setting up an email client, software vendors get need to get on board and hopefully partner with a CA so the certificate verification and installation can be done from within the mail client itself.

Re: So what ever became of public key escrows?

[Bucc5062]

I took a look at this then pondered, why is it for free? TANSTAASFL. Given the security conversations these days it is not hard to imagine a company giving away "free" certificates with the string being a way for it to be used by a government agency (I don't know a lot about certs). I guess I can just ask them, but would it be so hard to state why they can give away something that other people seems to pay for? btw, I read the why choose comodo, but it does not explain we we doe this. Is it just drug pusher style marketing to later get you hooked and then "gee dude, sorry, I'm going to ahve to charge you now, we changed the program and "free wont work any more". I'm curious to try this out, but have questions.

Re:So what ever became of public key escrows?

[aliquis]

The encrypted mail is stored, obviously.

Re:So what ever became of public key escrows?

[aliquis]

As for Apple mail.app likely because it's not an Apple product.

Re:So what ever became of public key escrows?

[BrokenHalo]

1984 happened. Literally.

Indeed it did. Not long after 1983, if I remember correctly.

Re:So what ever became of public key escrows?

[chill]

Uh, these are PUBLIC key servers. The entire point of PUBLIC keys is to share them as widely as possible. If the NSA wants to help, more power to them.

Re:So what ever became of public key escrows?

[CronoCloud]

Several tools exist for searching keyservers, seahorse on Linux can search multiple ones.

Re:So what ever became of public key escrows?

[CronoCloud]

Easy fix for that, switch her to a real e-mail client so that she can use gmail via IMAP as the Geek Gods intended. As a plus...no more ads.

Re: So what ever became of public key escrows?

[CronoCloud]

Note I am refering to S/MIME not PGP, which is different but doesn't work very well with HTML. message (or at least engimail doesn't last time I checked).

Say what? PGP doesn't care what the content is, especially not if you're using PGP/MIME rather than PGP/Inline

Re: So what ever became of public key escrows?

[CronoCloud]

I took a look at this then pondered, why is it for free?

Free for personal use, they charge for business certs. There's no money in personal certs so they give them away as advertising/loss leader for their other services (like their security suites and business certs/services) IIRC their business certs have more features and are for more than a single year.

Re:So what ever became of public key escrows?

[b4dc0d3r]

The sort of encryption needed was illegal to export from the USA during most of that time. And USA was driving or pushing adoption of the internet, the web, the browser, email, AOL keywords...

Business made a concerted effort to make putting credit card info into a website look secure. But no one ever questioned if putting their mails to friends and relatives required the same protection.

No demand meant early providers of paid services and clients did not put effort into encryption. Then people grew up in that world, and it seems normal.

Now, encrypted mail is reported with news of terrosts and pedo rings and drug cartels, so it is not just "not normal" - it is "abnormal" to encrypt.

Assuming your question wasn't rhetoric, I hope that helps.

Re:So what ever became of public key escrows?

[goombah99]

yours is the first actual answer to my question!

Re:So what ever became of public key escrows?

[CronoCloud]

Isn't the resolution to this to simply for everyone to create their own key pair?

Yeah, you can create your own S/Mime certs but if you use your own self created one the application on the receiving end puts up a "scary" message about it being self signed or something like that.

Re:So what ever became of public key escrows?

[fearlezz]

Actually we have solved that problem. It's called S/MIME and getting your keys from a Certificate Authority such as VeriSign.

VeriSign... Under the direct control of the NSA. Or any other CA in the ca-bundle.crt, such as DigiNotar - iranian govt had direct or indirect access to those certificates. Or what about türktrüst, a CA under control of another totalitarian regime.

S/MIME is only secure when the dozens of CAs can be fully trusted. And they've shown they can't.

Re:So what ever became of public key escrows?

[hairyfeet]

Uhhh...because nobody uses download mail anymore and Google and Yahoo can't datamine your email if it were encrypted so it ain't allowed?

I'm sure some geeks will chime in with how they run their own mail server and IMAP this and POP that but ya know what? You are the dinosaur, you're the 8-track, you are history. I'm sorry if that offends some but its a fact, i work with Joe and Jane Average 6 days a week and in the last 5 years how many of the thousands of customers from all walks of life have I had using download mail? TWO, both were retired corporate and liked their Outlook...that's it, that's all. Hell if you asked the average person under 30 they wouldn't even know WTF download mail or mail clients were, they have grown up on Yahoo and Gmail and that IS email to them. Then you have all the smartphones and tablets and while it may not come with an email client you can bet your ass it'll come with a browser and of course Gmail and Yahoo apps are an appstore search away.

So like it or not the war is over and security lost a looong time ago, now we have everyone posting their entire lives on FB and tweeting every minute of the day, do you REALLY think they are gonna care about encryption or go through the hassles of using download mail when they already have yahoo and Gmail and it does what they want it to?

Re:So what ever became of public key escrows?

[chihowa]

It did happen: The complete guide to publishing PGP keys in DNS

GPG will use keyservers, PKA (key publishing in DNS), and DNS CERT (another key publishing in DNS) by default.

What didn't happen was anybody at all caring enough to actually encrypt their email, and email clients including encryption by default without kludgy plugins.

Re:So what ever became of public key escrows?

[chihowa]

It should be built into mail clients by default, but plugins are readily available.

Enigmail for Thunderbird
GPGMail (mentioned in TFS) for Apple Mail.app

Re: So what ever became of public key escrows?

[ceoyoyo]

Secure DNS is just another way of some organization vouching for the data. If you trust Verisign or whoever ends up issuing the keys, great. They have such a great track record though.

Also, if it's a powerful government you're trying to hide things from, secure DNS, or any other form of centralized key store, is bad. It's a single place that can be compromised.

The ONLY way to have secure communications is to exchange a key personally, with whatever means you feel is sufficient, whether that's exchanging a key by e-mail now and using it for the next ten years, or meeting face to face.

Re: So what ever became of public key escrows?

[ceoyoyo]

Absolutely. The first time you send a message to someone, ask them for their key. Done. You can do that now. Better yet, just append your key fingerprint to every e-mail. I know some people who used to do that. But nobody cares about encrypting e-mail, so very few people bother.

Re:So what ever became of public key escrows?

[gnasher719]

Yeah, you can create your own S/Mime certs but if you use your own self created one the application on the receiving end puts up a "scary" message about it being self signed or something like that.

Of course it does. I can create a self signed certificate for cronocloudauron&gmail.com in one minute and send signed messages pretending to be you. And if anyone sends you an encrypted email, I'm the only one who can read it :-)

Re:So what ever became of public key escrows?

[MichaelSmith]

She needs to be able to access her email when away from home, including out of the country. For that she borrows other peoples computers and relies on them for technical assistance. So a static solution isn't really good enough for her.

Re:So what ever became of public key escrows?

[CronoCloud]

There's always the "Get her a laptop" solution. Or you can get her a tablet, the default Gmail app can use IMAP, but K-9 can use IMAP and APG (the gnupg for android), then all she needs is wifi/3G/4G

Re: So what ever became of public key escrows?

[HJED]

Maybe it is just the engimail plugin for Thurderbird then? Last time I checked they strongly advised you not to use HTML

Re: So what ever became of public key escrows?

[HJED]

It is better then nothing though and you would be able to detect if DNS had been compromised as they would have to use a different public key. The person on the receiving end would not be able to decrypt it, and at that point they would need to compromise the mail server anyway (which is an entirely separate issue)
The reason encryption is uncommon is that it is not easy for normal users to use, the scenario you propose is not useful for most users.

Re: So what ever became of public key escrows?

[kermidge]

they've been offering these for some years now

The "Made in Germany" brand

[jphamlore]

It's too bad in some sense that the Bundesliga is so famous it would be prohibitively expensive for PBS to bring back "Soccer Made in Germany."

Re:pgp

Apparently even Phil Zimmerman himself doesn't use PGP because the UI sucks so hard.

http://www.forbes.com/sites/parmyolson/2013/08/09/e-mails-big-privacy-problem-qa-with-silent-circle-co-founder-phil-zimmermann/3/

When people send me PGP encrypted mail I have to go through a lot of trouble to decrypt it. If it’s coming form a stranger, I’ll say please re-send this in plain text, which probably raises their eyebrows.

as simple as ABC

[ls671]

as simple as ABC, baby you and me.

Of course encrypt with START TLS but it has nothing to do with gpg/pgp.

-[PinePGP Sun Aug 11 03:08:56 EDT 2013]-------------------
gpg: Signature made Sun Aug 11 03:08:37 2013 EDT using DSA key ID 5BA0D409
gpg: Good signature from ""
--[PinePGP Sun Aug 11 03:08:56 EDT 2013]------------[end]--

Setup your mail

[Thor+Ablestar]

Once upon a time I became paranoidal about my mail security. It took me about 1 hour to install my own mail server with encryption. Then I sent myself a letter via my ISP. And logs had shown that the transmission was really encrypted.

What does it mean: There are the only paths that can be passively intercepted or subpoenaed (I don't take in account MITM): SMTP link from sender to source SMTP server, SMTP link from sender to backup SMTP server, SMTP link to receiving server, POP link from receiving server to receiver and all the computers involved. Sender side may be controlled by sending person, receiver side controlled by receiving person, backup disabled in DNS, so the 3-letter agency will not see anything without special means.

Hack methods: 1) Hack a DNS to insert a backup server and see the message there. 2) Extort the message from any side.

I believe it's enough for 99% of all cases. Other 1% will need something more interesting, and I believe that the "more interesting" cases should not only encrypt the messages, but firstly hide the fact of communications since the messages may be extorted easier than decrypted. In other words, TOR, I2P, VPN and other means for hiding the very fact of communication are absolutely needed.

Re:Setup your mail

[Thor+Ablestar]

Bitmessage is flawed from beginning by the very fact that every node receives all the messages. There should be some distributed storage for messages but it should be managed in a more efficient way. For instance, kept in some nodes whose IP maximally resembles a hash of public key of recipient. Also, the requirement of proof-of-work basically excludes everything except really big computers from being nodes. No OpenWRT client ever.

Re:Setup your mail

[Thor+Ablestar]

It's a design FLAW. If the project becomes operational then about 1 million people will send a pair of messages every day. So, I shall receive 2 million encrypted messages - more than 20 messages per second - and attempt to decrypt them all - in order to receive my 2 messages and drop all others. If a typical message is 10 kbytes long, I will receive 20 Gbytes a day. It's an order of magnitude greater than I consume now. Such system is unusable.

Re:Setup your mail

[Thor+Ablestar]

It stops spammers. But remember the Bitcoin as the bitmessage whitepaper did. Mining of Bitcoin is the proof of work. But it results in invention of more and more sophisticated devices for mining. Now GPU are useless since ASICs have more processing power than GPUs. It will mean that if the network is really useful then this work will be offloaded to GPUs or ASICs and you will need to spend hours to send one letter where spammers with specialized hardware will send them every minute. No Raspberry Pi will ever be as fast as GPU or ASIC.

Between this and the other reply to your post, I think we've established that you really don't know much at all about Bitmessage.

See my answer above.

Forget S/MIME

[DrXym]

S/MIME doomed itself the moment it was based on signed certs obtained from a CA. A few corps might bother with the effort but nobody else would, especially since the cert usually cost money and obtaining it was onerous. And support in most email clients sucked.

I think GPG is a safer bet because it's easy to create a key (btw it doesn't stop CAs selling signed keys if they wished). But at the same time, very few people are going to go to the effort and the ubquity of webmail means many people can't use it without a plugin or whatever.

I think the best chance of crypto becoming prevalent is for some major zone (e.g. the EU) to require browsers to implement a cryptographic framework exposed from JS so that crypto happens client side, and mandate that all webmail destined for government contracts support it. The client side crypto could be OpenPGP compatible to ensure that users can easily create keys and exchange them.

Of course the likes of Mozilla / Google / Microsoft should be proactively stepping up and providing a specification and implementation of this. If they can produce a spec for DRM extensions in browsers, then surely they can do the same for crypto.

Is there any decent alternative to Thunderbird?

[nashv]

Maybe a little offtopic, but I for one have found serious dearth of decent email clients. Is Thunderbird the only option that actually does everything and doesn't look like shit ?

Oh wait, it just upgraded to 17.0 and looks like shit now too.

Re:Is there any decent alternative to Thunderbird?

[Arker]

All email clients suck. Mutt just sucks less.

Re:Is there any decent alternative to Thunderbird?

[Greyfox]

I looked at a lot of E-Mail clients back in the day and didn't like any of them. My favorites, though, were a couple of ones implemented in Emacs. vm and gnus have folders and freaking amazing threading support. Killing an entire E-Mail thread from any message in the thread is great. Their filtering is a bit esoteric to set up but you can auto-filter stuff too. And they have support(ish) for Mime and PGP plugins. The only downside is they seemed to get all bent out of shape every few months and eat all my E-Mail. Minor detail there heh. Backup regularly. I got more spam than actual mail running my own E-Mail server, though. I suppose if I only accepted unencrypted messages from known senders that would have helped. It'd be nice if there was actually an E-Mail server you could configure to do that without having to be a fourth-level E-Mail server blackbelt. Client side filtering still wastes your bandwidth on spam.

Re:Is there any decent alternative to Thunderbird?

[CronoCloud]

I've been using Claws-Mail for some years now. I replaced Thunderbird with it back in the Thunderbird 1.5 days IIRC.

Re:So What Ever Became...? How About "So What?"

[mellyra]

The problem is that SMTP TLS is marketed as a solution to a problem - intelligence agencies reading your emails - that it simply doesn't solve. Thus it creates a false sense of security.

In itself and without the misleading marketing its implementation would of course be a very positive development.

Why are there not better alternatives?

[wisnoskij]

If there was a Gmail clone right now that used encryption, all the way through, so they did not know what I was emailing any more than they knew my password, I would use it.

And they could even make it possible for you to send non users encrypted emails that have a few ways of being decrypted.
1. Open up an EcrypMail account. Its free and easy.
OR
2. Download this software and set it up like this.
etc

Re:pgp

[Thor+Ablestar]

You have 2 alternatives: either use UI that sucks - or to be incarcerated in FSB due to contents of your letter. Your choice?

Three German Providers Proudly Enable TLS

[pizzap]

Well, it's 2013 and they were talking plain text all this time?

And by the way: GMX/WEB.de aka "United Internet" has a data center in the Cansas.

Re:Three German Providers Proudly Enable TLS

[pizzap]

Let me just add this: They won't talk TLS to any mail server, just amongst each other. And if you send a mail from Web.de to GMX you get a warm fuzzy icon in the web interface.

Re:pgp

[e065c8515d206cb0e190]

That's /one/ alternative.

Re:pgp

[CronoCloud]

Part of the problem is he's using Symantec's PGP rather than the OSX build of GnuPG. And considering that the original version that HE created was command line only, he should know that to decrypt something sent to him, all he needs is his own private key. I mean, after all, he's Phil Zimmerman, doesn't he have his key?

Re:Sounds like smart advice

[PPH]

Just be certain to remember this the next time you are selected for a jury and have to listen to law enforcement testimony. Every defense attorney should ask LE witnesses about 'parallel construction'. And if they answer in the negative, ask them how the court can ascertain that they are not lying at this moment.