[openpgp-email] On Signed-Only Mails

Bernhard Reiter bernhard at intevation.de
Fri Dec 2 11:29:14 CET 2016 

Hi Vincent, Hi friends of end-to-end-crypto!

[crossposting to openpgp-email and gnupg-devel, I don't know if I am 
subscribed to other lists that Vincent has mailed to, feel free to forward.]

Am Dienstag 29 November 2016 10:20:40 schrieb Vincent Breitmoser:
> (cross-posting on openpgp and messaging mls)
>
> during my work on bringing OpenPGP to K-9 Mail, I found myself
> reevaluating a lot of things. This time it's about signed-only mails.

I like your work, 
it is good to ask questions and think about better solutions!
Thanks for working on K-9 Mail and adding OpenPGP/MIME support,
I believe this this to be really important.

> In short, my conclusion so far is that signed-only mails are very rarely
> useful, they are holding OpenPGP back as a solution for encrypted
> e-mail, and in the interest of usability we should not roll them out in
> email crypto solutions on equal terms with encryption.

My take on this is quite different, in short: I think you are underestimating 
how the relation of implementations and user experience will change
if some of the user facing implementations change.
I consider signed-only emails quite useful for 
a) publically archiving a statement, e.g. when haveing been send to a 
    mailinglist or a group of people
b) an indication that I am able to and want to start an encrypted exchange

> In some more detail:
> https://k9mail.github.io/2016/11/24/OpenPGP-Considerations-Part-I.html
>
> I received positive as well as negative feedback about this, and I'd
> love to hear more thoughts about it.

To your question:
Yes, I occacionally react on missing or failed signatures.
But we shall not design for me, or you or most of the readers of your post.
So I consider this question and possible answers a non-argument.

Your main problem with OpenPGP/MIME signed only emails seems to be that other 
users, not having an OpenPGP/MIME aware email application, could be irritated 
by them.

Am Dienstag 29 November 2016 10:58:43 schrieb Kristian Fiskerstrand:
> > Clearsigned messages can make archiving easier, and allow for sharing
> > of information across groups, while still maintaining it is in
> > non-modified form from an authorized party.

Am Dienstag 29 November 2016 11:18:45 schrieb Vincent Breitmoser:
> Incidentally, this aligns with a thought Bjarni brought up just recently:
>
> https://github.com/mailpile/Mailpile/issues/1693

Here it also is irritation.
While in that issue attached OpenPGP pubkeys seem to be a second case where  
possible irritation arises. Personally I believe pubkeys should not be 
attached to email, so I'll focus on the signed emails in your article in the 
following.

== We need more security states than "save" or "not-save". 

I challenge your assumption that the user only wants two states for their 
security state: save or not-save. While keeping things as simple as possible,
there needs to be a learing experience and the possibility to pay more 
attention to some exchanges as to others. Considering the user experience 
there is a natural mapping for multiple states in other communications like 
whom do you tell what or legal document hand-written signatures. Security 
must match the purpose of the communication exchange in question.
A higher level of authentication go along with other drawbacks like more 
efforts or giving up anonymity. So I do not want those drawbacks for some 
exchanges, but I may want them for others.

Because of the existing natural mapping I believe that software systems can be 
created that are a lot easier to understand and deal with more than two 
levels. They might even provide a better user experience compare to systems 
with only two states. 

Why? There is a pattern that first usage of some crypto-feature will lead to 
an outcry of the next self-proclaimed crypto-nerd: "But that is not secure!
You must do this and that." I consider this pattern more damaging than the 
possible irritation by attachments. The path forward I see is to have more 
states and explain and handle them much better in implementations.


== Better email-clients are a key success factor

The problems with user irritations of signed-only emails could be elevated if 
more users would use a client that deals properly with those emails. This 
means they do not display the signature or the attachement, if the user does 
not want to deal with the implications. 

If better client can help, we are back to the larger problem of how to 
introduce new features in used email clients. Naturally this is a hard 
problem, but one that we (that share the idea of more end-to-end email 
crypto) have to solve to some extend anyway. The progress of better 
implementations is non-linear. There may be a tipping point where almost all 
users say: !Hey, I need a better implementation!" And after this the wast 
majority will be irritated if there is no indication of opportunistic 
encryption or some communication track record based indication if it is 
missing on the email to public.
There are a number of examples for this innovation pattern, just think about 
the appearance of OpenOffice in the user space or the rate that you now need 
a new webbrowser.

Given a possible solution by improved clients, we should try first to make 
them happen before giving up on signed-only emails, which is the solution you 
proposed. You may say: But this hasn't work for many years.
I'd agree with this notion, but because of the non-linear nature we don't know 
how close we are to the tipping point. 

And a second reason is because in the last 1-2 years the OpenPGP 
implementation side has seen a significant more work than in the 6 years 
before (mainly because of the donations that Werner received and the 
BSI contracts my company Intevation is also involved in, documented on 
wiki.gnupg.org). This backend, concept and client progress, especially the 
WKD and WKS things, still have to reach users and there is a good chance for 
them to succeed.

Best Regards,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20161202/b6b6588e/attachment.sig>

More information about the Gnupg-devel mailing list