Encrypted Email Is Still a Pain in 2017 (incoherency.co.uk)
Bristol-based software developer James Stanley, who used to work at Netcraft, shares how encrypted emails, something which was first introduced over 25 years ago, is still difficult to setup and use for even reasonably tech savvy people. He says he recently tried to install Enigmail, a Thunderbird add-on, but not only things like GPG, PGP, OpenPGP were -- for no reason -- confusing, Enigmail continues to suffer from a bug that takes forever in generating keys. From his blog post: Encrypted email is nothing new (PGP was initially released in 1991 -- 26 years ago!), but it still has a huge barrier to entry for anyone who isn't already familiar with how to use it. I think my experience would have been better if Enigmail had generated keys out-of-the-box, or if (a.) gpg agreed with Enigmail on nomenclature (is it a secring or a private key?) and (b.) output the paths of the files it had generated. My experience would have been a lot worse had I not been able to call on the help of somebody who already knows how to use it.
EFF has done a great job with their "Encrypt the Web" campaign and gotten a lot of big websites to switch to https as their default protocol. The difference is that people running those servers are usually more technically minded (they're admins), so the implementation goes a lot easier. When dealing with non-technical end users, you can't expect them to do anything extra to set it up for them; it's just gotta become the default and get pushed to them. Anything else is a recipe for non-adoptance.
Not only this, but as 'tech savvy' people, I know of only two people using PGP for personal email purposes. I think the future of encrypted email needs to be led by someone like Google implementing it into Gmail by default, generating keys easily for common folk, etc.
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
The concept of using PGP is privacy in your private messages. That concept goes out of the window once Google is managing your keys.
People forget things all the time. At some point you are going to forget where or what the key is for your encrypted email, so what to do? Recovery of that key is going to be necessary. Which leads to an entire host of other problems, many of which are security related.
So yeah, until memory becomes infallible we're stuck with encrypted emails having a certain amount of pain that comes along with them.
I've had to mess with PKI encrypted email (as a job requirement) many times over the last 15 years. In my experience, the problem is the underlying PKI support. It's really hard to load & manage certificates, deal with revoked certificates (including preserving emails when a certificate expires), etc. Some of that is, I believe, due to the complexity of PKI itself, and some of it is due to poor (at least from a user experience perspective) support by the OS vendors. Much of my experience is with DoD PKI, including their huge chains of PKI certificate/trust.
If the PKI infrastructure worked well, encrypting/decrypting email should be easy. But if the PKI infrastructure makes it really hard to manage certificates, there's not a lot the mail user agent can do about that!
The problem is that most of the public still uses web-based email (GMail, Yahoo, etc) and mobile. Gmail won't support even the most basic of encryption because their entire business model depends on reading other people's emails.
What GMail COULD do is put some sort of header on GPG-signed emails saying that this is certified as from an account.
I have given up on GPG. It is a great program and in principle it is all you need. Until you have tried setting it up for your parents, spouse or friends.
It cannot and will not work. It is too complicated. The best solution I have come up with is using Tutanota (others exist as well). It is not perfect, but now most of my family use encryption without really realising it :)
I was sent a message encrypted by https://www.virtru.com/ and it wasn't a problem to open it on my end, no account required.
I liked the idea and took about 5 minutes to get it set up on my end so I could send encrypted email, too.
It's about the simplest setup I've seen yet, and the only downside is a couple of seconds' lag opening an email (time it takes to decrypt).
Having said that, my employer, the Department of Defense, uses Outlook and a card with a chip in it that stores my credentials, and I can encrypt an email simply by clicking on a button.
At my last position, with the Department of Energy, we used Entrust along with Lotus Notes and credentials stored on the chip on our badge. It was very straightforward even for the non-tech-savvy among us.
He's getting rather old, but he's a good mouse.
Rubbish.
Not even the most non-techie user would turn down "encryption" if it was offered.
The real problem is the stupid email software writers who insist on using "certificates", rings of trust, etc. I'm looking at you, PGP.
Secure mass communications doesn't need all that, all they need is a way to exchange keys automatically and a way for people to compare key fingerprints if they suspect a man-in-the-middle. Whatsapp have managed it perfectly.
It only takes a small percentage of the population comparing fingerprints to find out if the NSA is engaged in mass e-mail manipulation. Anybody worried about privacy can simply do the fingerprint check. No certificate authorities to pay, no rings of trust needed.
If I was a conspiracy theorist I might _also_ suspect that the real reason it hasn't been implemented by major players (eg. Microsoft) is because the US government doesn't want them to.
No sig today...
There's a button in the 'compose email' window to turn it on, and there's online help for how to import a signing cert. Keychain will create a cert for you and a CSR, but it's then up to you to have it signed. The most important part of the grandparent's point is nothing to do with Apple though. Thunderbird also supports S/MIME out of the box, as does Outlook. The author of TFA decided to try two third-party add-ons for encrypting his mail, instead of the industry standard one that's built into the mail client that he was using. He then discovered that it was hard and acted surprised.
I am TheRaven on Soylent News
The article says "I DuckDuckGo'd for keywords like GPG..."
I feel like the idiom should be "I DuckDuckWent" instead.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Try talking your non-techie friends into a Linux desktop. Even after you show them that the "Start button" is right where they expect it to be, and that the email and browser clients work just like they're used to and that they can do what they've been doing as easily as they've been doing it, there will be concerns. It all falls apart when they say "Can I buy a disk and install my own software?" and you say "No, but here's an easier way to install software from a vast repository of packages", they're done. They don't even ask what's available or how it works, their eyes glaze over and they hold up a CD-ROM of Cute Kitteh Pics and proclaim that they can't live without that version of that software - and it has to look exactly like they expect it to look. Anything else might require their direct attention.
Now, back on subject - you say "encrypt your email". They say, "okay, how?". You install and configure it for them, you make sure they only have to click one button to encrypt any given email. They say "Cool! And my grandma will be able to read this, right?"
You start explaining how this will work. Their eyes glaze over and they say they'd like to encrypt emails to their friends when they discuss their legal but oh-so-risqué lives, but if they can't email grandma it won't work. It's too late to tell them they got it wrong because their eyes have already got that hundred yard stare thing going on. You made somebody think about something and rather than believe they can understand it, they take the easier path of not even trying.
Bottom line - you're not trying to teach a behavior, you're trying to change a behavior. I've got GPG implemented. It's completely unused because nobody I know cares. They're not afraid of the government reading their emails and they accept that Google, Apple and Microsoft won't do anything worse than target advertising at them. Even after I offer to make it one-click convenient for them, most of my associates don't want it.
Except the part where it's stored unencrypted on every server during the trip. You don't know how long it stays on the server as there could be a long queue of outgoing mail or the receiver isn't responding. Then it could be caught up on backups. All available to be read unless you have encrypted it yourself.
When the standards for elliptic curve signatures were being developed, the NSA, in response to the submission, recommended (without, I believe, much explanation) a slightly different set of constants used to define the curves, and those recommendations made it into the standard.
Did they suggest the new constants, because they knew the initially proposed ones had weaknesses? Or because the ones they suggested had properties that would allow the NSA to break those signatures?
The general widespread use of email encryption lacks a use case. The situations where an ordinary person would require encrypted email are incredibly rare and it's most definitely not worth the hassle. Think of the use case for email: You're trying to send a message to someone. Like a letter it could be intercepted and read, but in general it's still just plain text. Like a letter we can take basic precautions such as encrypting attachments or sending separately documents to prevent accidental collection, but fundamentally it is still something that for the most part in general needs to be read.
I personally wouldn't have enabled email encryption if I didn't need to on a very rare occasion have to handle sensitive information, but even then it's simply easier to often send an encrypted attachment.
You're talking about transit. Emails in transit may be encrypted but they may not be at the endpoint. It's like entering your bank details into some random site that looks like your bank with only the confidence that you're using HTTPS and without actually knowing if the other party is your bank or not.
Let alone understanding the differences between key types, and why some are better than others. (like why you shouldn't trust the RSA algo.)
The end user has no need for understanding that. They even shouldn't need to care.
The only way we'll ever see e-mail encryption is if it's as transparent as WhatsApp's end-to-end encryption or https transfers. The moment you have to bother the user with manual key management there's an issue. If the user has to choose what key to use, it's a disaster. He shouldn't have to know why to trust or not to trust RSA or other key algorithms. That's for the application writer to figure out, and only offer suitable protocols to begin with. Then why ask the user about different protocols? The developers know more about that, and I trust them to be better suited to make an appropriate choice than me who knows little to nothing about encryption.
I don't know what algorithm WhatsApp uses to encrypt my messages. I can read it, receiver can read it, no-one in between can read it. I'm good. Of course I have to trust WhatsApp to do it properly - I know there are really smart people all the time trying to break these things, and I have yet to hear about this having been broken even partly. That is enough for me as simple end user to get the feeling they've done it well. It's probably breakable, but it's for sure not easy, and they don't bother me with keyrings, secret/public keys, algorithms and other things that I know almost nothing about.
I like computers, have a strong interest in the subject, and I'm sure I know a lot more about all this than the average person. So if e-mail encryption is hard enough to make me not even bother, a lot has to be done to make it usable for the average Joe.
After the Snowden reveal, I switched to it exclusively when communicating with a friend of mine.
The NSA is not interested in your cat videos.
But if they are encrypted, they don't know they are cat videos. One of the points of encryption, like document shredding is to "do" everything, if you only 'do' the important things the Snoops will know what is important and what isn't. Decrypting, like reassembling shredded documents is very expensive, make them spend on junk mail and cat videos and they won’t be able to afford your important stuff.
Apocalypse Cancelled, Sorry, No Ticket Refunds
Okay.
But the RSA algorithm is not the same as the ECC algorithm and both were designed by different people.
Rubbish.
Not even the most non-techie user would turn down "encryption" if it was offered.
The real problem is the stupid email software writers who insist on using "certificates", rings of trust, etc. I'm looking at you, PGP.
Secure mass communications doesn't need all that, all they need is a way to exchange keys automatically and a way for people to compare key fingerprints if they suspect a man-in-the-middle. Whatsapp have managed it perfectly.
So really what you're saying is that the whole Web-of-Trust support needs a little more automation...there's lots of public places that can store the public side of a GPG/PGP key that can be easily retrieved. The problem is that many - especially new - PGP/GPG users don't know to use them, or how. If that was automated by Enigmail (and others) then it would just work...though it'd still be best if you exchanged fingerprints in person to verify you got the right key from the keyservers.
Any CA involved is problematic, which is why GPG/PGP is better security than the CA model.
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
Bristol-based software developer James Stanley, who used to work at Netcraft, shares how encrypted emails, something which was first introduced over 25 years ago,
Got enough commas in there?
is still difficult
Uh, what? Emails is still difficult?
but not only things like GPG, PGP, OpenPGP were -- for no reason -- confusing
"Not only were things like..." would've been easier to parse, though this is borderline cromulent.
Enigmail continues to suffer from a bug that takes forever in generating keys.
The bug takes forever "in generating" keys?
Look, if English isn't the submitter's first language, that's no big deal. But somebody, somewhere, should be responsible for editing submissions if you want people to actually think you're a professional news aggregator.
systemd is Roko's Basilisk.
As near as I can figure out he's really pissed off because gpg doesn't say
"We're calculating really complex mathematical shit, we're really not frozen."
then
"we're not frozen, just really busy doing computer stuff that's really complicated, so don't start pounding on the keyboard until we tell you to or you'll just screw shit up"
and finally
"start pounding on the keyboard like a chimpanzee trying to write the complete works of Shakespeare because we need some really random shit"
and use the phrase "shitfest" like punctuation.
Apocalypse Cancelled, Sorry, No Ticket Refunds
So really what you're saying is that the whole Web-of-Trust support needs a little more automation
No, he wants to scrap it. Completely. You just automatically swap keys and display it so you could verify it out-of-band or in-band and warn if it changes. And by in-band I mean that if you say something like "middle three of second group is the http code for file not found, please post it back to me" you need an exceptionally good AI or a live agent there to censor/rewrite it on the fly to match the MITM key even if it's technically not secure. Maybe you know each other in real life and you'll compare keys or make a phone call to confirm the code. Maybe you just agree to both tell a third party part of the code, that would still be hell to catch in an automated fashion. Basically, you'll do more if and only if it's important for you.
The point is, your opponent doesn't know if it's important for you. Your opponent doesn't know whether you have verified it. Your opponent doesn't know whether a new key will set off big red flags. You've made the bar to entry as low as possible, for the people who just click yes yes yes to every security dialog it won't really have any security. But if you're doing mass surveillance you don't know who the 99% who won't notice or care and the 1% that will notice and care are. The only way to avoid being caught regularly would be to not do it on a mass scale. And that's the battle we'd like to win. Activists and such that genuinely need a key vetting procedure, third party verifications and all that can still use GPG. But then the other 99% use no encryption at all.
Live today, because you never know what tomorrow brings
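Added example, not part of any comment in this thread and not code from any mail client: a minimal Python sketch of the scheme argued for in the comment above, where keys are swapped automatically, the fingerprint is displayed for optional out-of-band comparison, and a changed key raises a warning. The PinStore class, its state names and the sample keys are hypothetical and constructed for illustration.

```python
import hashlib
import hmac


def fingerprint(pubkey: bytes) -> str:
    """SHA-256 of the raw key bytes, in groups of four hex digits for reading aloud."""
    digest = hashlib.sha256(pubkey).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def _normalise(fp: str) -> bytes:
    # Ignore spacing and case so a fingerprint typed or read aloud still compares.
    return "".join(fp.split()).lower().encode()


class PinStore:
    """Hypothetical trust-on-first-use store: contact -> [fingerprint, verified]."""

    def __init__(self):
        self._pins = {}

    def observe(self, contact: str, pubkey: bytes) -> str:
        """Classify the key that arrived with a message from `contact`."""
        fp = fingerprint(pubkey)
        pin = self._pins.get(contact)
        if pin is None:
            self._pins[contact] = [fp, False]   # first sight: accept and pin
            return "new"
        if hmac.compare_digest(_normalise(pin[0]), _normalise(fp)):
            return "verified" if pin[1] else "unverified"
        # Different key: keep the old pin and make the client warn loudly.
        return "CHANGED-after-verification" if pin[1] else "CHANGED"

    def confirm(self, contact: str, fp_from_other_channel: str) -> bool:
        """Mark the pin verified if the fingerprint read out of band matches it."""
        pin = self._pins.get(contact)
        if pin is None:
            return False
        ok = hmac.compare_digest(_normalise(pin[0]), _normalise(fp_from_other_channel))
        pin[1] = pin[1] or ok
        return ok

    def accept_change(self, contact: str, pubkey: bytes) -> None:
        """Explicit user decision to replace a pin; verification starts over."""
        self._pins[contact] = [fingerprint(pubkey), False]


def demo():
    # Constructed sample keys: placeholder byte strings, not real key material.
    alice_key = b"constructed-sample-public-key-alice"
    other_key = b"constructed-sample-public-key-substituted"
    store = PinStore()
    events = [store.observe("alice@example.org", alice_key)]
    events.append(store.observe("alice@example.org", alice_key))
    store.confirm("alice@example.org", fingerprint(alice_key).upper())
    events.append(store.observe("alice@example.org", alice_key))
    events.append(store.observe("alice@example.org", other_key))
    return events


if __name__ == "__main__":
    print(demo())
```

The store never replaces a pin on its own: a substituted key is reported as changed until the user calls accept_change, which is the point where an interceptor cannot tell in advance who will notice.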
And that's somehow worse than the even longer list of people who have the capability to read or modify an unencrypted plain text email? If you're concerned and sufficiently tech savvy you can verify the certificate yourself just like you can do with an HTTPS website.
The CA system is broken, but it's better than nothing.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
No, he wants to scrap it. Completely.
He wants to scrap what he doesn't understand.
Nope, I want to scrap it, completely.
There's absolutely no reason for every last email user to be in a ring of trust. We only need a small percentage of people to actually verify their credentials and it's enough to spot if the NSA is playing games with the system.
Again, you demonstrate a lack of understanding how PGP/GPG web-of-trust works.
It doesn't work by trusting everyone. You assign trust on a per-person basis. That trust can extend trust if *you* choose it to.
That is to say, by default Web-of-Trust trusts no one. When you trust Bob you can assign Bob a trust rating - that rating can be "I only trust Bob" (1) or "I'll trust Bob and only those he trusts" (2 = Bob +1), or even further trusts (Bob + bob's trusts + people they trust...). You decide the trust levels, no one else. No one can assert that you trust them either. The NSA can't control who you trust either, nor can they inject themselves into a trust relationship with you. Your web-of-trust is only as big as you allow it to be.
In all honesty, web-of-trust is exactly what you described but you missed the key sharing functionality in the key servers - which, btw, only stores the public key portion of the PGP/GPG key set. You can download it, verify its expiration date and fingerprint, and then decide whether or not to trust it, how much, and for how long. The party you want to exchange with can do the same with your key if you uploaded it to the key server. The key server only serves as a key distribution mechanism so that you do not have to directly exchange keys in some form (email, usb in person, etc). The fingerprint is a hash of the key that can be easily read and verified (much like the sentence provided in the one example).
So yes - you are describing exactly what GPG/PGP is.
The CA trusts - managed by Verisign, Symantec, and others - put the trust relationship in the hands of someone else. You say you trust the CA, and you inherently have to trust everyone they trust. The NSA can inject themselves into that because they can attach themselves at the CA trust level and you don't have a choice about trusting them. That's explicitly what PGP/GPG is designed to protect against.
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)