Paul Holman pablos@kadrevis.com
Fri Dec 7 08:26:01 2001

Hash: SHA1

On Thursday, December 6, 2001, at 10:46 PM, Lionel Elie Mamane wrote:
> IMHO, these are convenience-over-security choices.

Yes, most are.  Most mailers and users have taken the extreme 
convenience over security approach: no security at all.  I believe that 
using the OpenPGP standard provides a scaleable security model.  Users 
who require very high levels of security should be able to operate in a 
way that serves them.  Most users would benefit from some opportunistic 
use of email encryption.  It is this mode which has yet to be fully 

>> 1	Key Propogation
>> S/MIME mailers attach the cert to every outgoing message and notice
>> when a cert is attached to incoming messages and add it to the
>> keyring (mixing metaphors a bit).
> Bandwidth waste... And this is polluting the keyring with potentially
> invalid (faked) keys. Adding a key to the keyring in the user's back
> certainly isn't good an idea.

I don't agree.  Promiscuous key propagation encourages the use of 
crypto.  I don't trust keys simply because they are on my keyring.  I 
trust them for various other reasons, some of which can be 
cryptographically enforced within the OpenPGP standard (Web of Trust).

Bandwidth isn't something I waste much time trying to minimize these 
days.  At any rate, a lot of smart heuristics could be applied along 
this path, for instance, the mailer could stop sending keys to users 
whom it his received encrypted messages from.  Or, if we get our act 
together with keyservers, this could be dropped.

>> 2	Opportunistic Encryption
>> Try sending a message to half a dozen recipients when you only have
>> keys for half of them.  S/MIME mailers will encrypt tho those it
>> can, and send cleartext to the rest.
> Hu? That's clearly a security risk. If you want the message encrypted
> and it silently sends it as cleartext... You mean they really do that?
> Oh my god...

Again, this is implementation specific.  If the mailer wants to report 
which users it can encrypt to, great.  If not, this is a way to make 
sure we get at least some of them.

>> 3	Seamless Integration (My favorite!)
>> S/MIME mailers never show you any cyphertext.  They just have little
>> icons to indicate when a message was encrypted or verified
>> successfully.
> Mutt does that >:-)

Great to hear.  If I ever learn to configure Mutt, I'll try it out!

>> However, the problem isn't that the mailer developers are doing it
>> wrong, it is that they haven't been given the tool they need - an open
>> source OpenPGP toolkit.
> libgpgme?

Yes, libgpgme is a good start.

The point here isn't to get into a deep discussion of hypothetical 
implementation details.  If libgpgme or other libraries make it easier 
for mailer developers to integrate OpenPGP into their apps, then we can 
start to see some innovation in making crypto easier to use.  In the 
mean time, you will be forced to email your mom in the clear.

- --
Paul Holman
Kadrevian Nonlinear Accelerator
Version: GnuPG v1.0.6 (Darwin)
Comment: For info see http://www.gnupg.org