E-Mail Encryption: Why Isn't Everyone Doing It?

Per Tunedal pt@radvis.nu
Thu Oct 24 11:41:02 2002

Hash: SHA1

I agree with all the people saying that users will not use anything that makes 
e-mailing more complicated. Especially pass phrases are a great obstacle. 
Many people hate them.

Another great obstacle is that people don't want to learn anything about 
encryption, and thus cannot take any responsibility for their own security. 
They can (and will!) make a lot of mistakes that compromise their security.

- The idea to have two different passphrases, one for signing and one for 
decryption, is brilliant. It would make it possible to have greater 
protection for the signing key and to do automatic decryption. That is 
important: you can have a signing key with a long life and regularly change 
the encryption keys (without losing the signatures on your signing key and 
thus "transferring" the trust to the new encryption subkeys you create).

- I believe GPG Relay is a great step in the right direction. It does 
automatic tasks of your choice: encryption, signing, decryption, verifying. 
You can choose to enter your passphrase as needed, cache your passphrase 
for a specified time or for the session, or enter it into the program once 
and use it for ever. One great advantage is that you can choose your 
security level and set it according to your security needs. And it is 
possible to use one key for automatic tasks with GPG Relay and another for 
more sensitive tasks with more traditional interfaces like WinPT or 
plug-ins for e-mail programs. http://sites.inka.de/tesla/gpgrelay.html

- Key exchange is still complicated. Why not automatically download keys 
from keyservers for all e-mail addresses in your address book? And do the 
same whenever you add a new address? It would be fine to have such a feature 
in the plug-ins for Outlook Express and Eudora!

- Authentication is still complicated though. I recently discovered a 
security risk that I had never thought about before. I verified key data 
(fingerprint) by phone with a person I knew. All seemed OK, but during the 
conversation it occurred to me that the keypair was neither created nor 
controlled by that person. He actually had a consulting programmer from an 
external company "helping" him to create the keypair, and the programmer had 
a backup. Ignorant users do not know how to protect themselves.

Afterwards I realised that it is never possible to know if anyone has 
exclusive control over their key. You simply have to trust the other person.

And more: often it does not matter! That is: if my contact chooses to share 
the key with an external consultant, it is his choice. It is good if I know, 
but I cannot always know. I can still use the key for encryption to him, as 
long as he is willing to accept the key as his own.

But it does matter if I send something that I do not want to be read by 
ANYONE but the intended recipient. Then I must trust the recipient - 
otherwise he could print the document and give it away anyway.

By the way, I read an article on how to implement PGP encryption in a 
company. The author suggested that an administrator would create the 
keypairs for all users and sign them with a company signing key. Then he 
should distribute the keys to the users and keep a backup of the public 
key. "But the secret key should not be kept". What would prevent the 
administrator from keeping the secret keys for any reason? How would you know 
how many people control the secret key for a user you encrypt to?

Per Tunedal

At 19:33 2002-10-18 -0700, you wrote:
 >While an estimated 900 million people use e-mail, few take advantage of
 >NewsFactor.com, Aug. 5, 2002
 >Gnupg-users mailing list

Version: GnuPG v1.2.0 (MingW32) - GPGrelay v0.90
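The point in the message about a long-lived signing key with rotating encryption subkeys, and why a correspondent's certification of the primary key survives the rotation, can be shown with a small model. The following Go program is an added example and is not code from the original post, from GnuPG or from GPGrelay; it uses Ed25519 for the primary signing key and X25519 for the encryption subkeys, and the fingerprint, certification and binding-signature formats are simplified stand-ins for OpenPGP's real packet formats.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// PrimaryKey is the long-lived signing key. Its public half is what a
// correspondent certifies after checking the fingerprint out of band
// (for example, by phone, as in the message above).
type PrimaryKey struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// EncSubkey is a rotating encryption key. The binding signature is made by
// the primary key over the subkey's public bytes, so anyone who trusts the
// primary key can accept the subkey without a new out-of-band check.
type EncSubkey struct {
	pub     *ecdh.PublicKey
	binding []byte // primary-key signature over pub.Bytes() (simplified format, assumption)
}

func NewPrimaryKey() (*PrimaryKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &PrimaryKey{pub: pub, priv: priv}, nil
}

// Fingerprint is the value two people would read to each other over the phone.
// OpenPGP fingerprints are computed differently; SHA-256 of the raw key is a stand-in.
func (p *PrimaryKey) Fingerprint() string {
	sum := sha256.Sum256(p.pub)
	return hex.EncodeToString(sum[:])
}

// NewEncSubkey creates a fresh X25519 key and binds it to the primary key.
func (p *PrimaryKey) NewEncSubkey() (*EncSubkey, *ecdh.PrivateKey, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	sig := ed25519.Sign(p.priv, priv.PublicKey().Bytes())
	return &EncSubkey{pub: priv.PublicKey(), binding: sig}, priv, nil
}

// VerifySubkeyBinding checks that the primary key vouches for this subkey.
func VerifySubkeyBinding(primaryPub ed25519.PublicKey, sk *EncSubkey) bool {
	return ed25519.Verify(primaryPub, sk.pub.Bytes(), sk.binding)
}

// Certify is a correspondent signing another person's primary public key
// after verifying its fingerprint.
func Certify(certifier *PrimaryKey, subject ed25519.PublicKey) []byte {
	return ed25519.Sign(certifier.priv, subject)
}

// VerifyCertification checks a correspondent's certification of a primary key.
func VerifyCertification(certifierPub, subject ed25519.PublicKey, cert []byte) bool {
	return ed25519.Verify(certifierPub, subject, cert)
}

// RotationKeepsTrust walks the scenario from the message: Alice certifies
// Bob's primary key once, Bob later rotates his encryption subkey, and Alice
// can accept the new subkey because it is bound by the key she certified.
// A subkey bound by some other primary key is rejected.
func RotationKeepsTrust() (bool, error) {
	bob, err := NewPrimaryKey()
	if err != nil {
		return false, err
	}
	alice, err := NewPrimaryKey()
	if err != nil {
		return false, err
	}
	cert := Certify(alice, bob.pub) // done once, after the phone check

	sub1, _, err := bob.NewEncSubkey() // first encryption subkey
	if err != nil {
		return false, err
	}
	sub2, _, err := bob.NewEncSubkey() // rotated subkey; no new phone call needed
	if err != nil {
		return false, err
	}

	other, err := NewPrimaryKey() // some unrelated primary key
	if err != nil {
		return false, err
	}
	foreign, _, err := other.NewEncSubkey()
	if err != nil {
		return false, err
	}

	stillCertified := VerifyCertification(alice.pub, bob.pub, cert)
	bothBound := VerifySubkeyBinding(bob.pub, sub1) && VerifySubkeyBinding(bob.pub, sub2)
	foreignRejected := !VerifySubkeyBinding(bob.pub, foreign)
	return stillCertified && bothBound && foreignRejected, nil
}

func main() {
	ok, err := RotationKeepsTrust()
	fmt.Println("trust survives subkey rotation:", ok, "err:", err)
}
```

What the model does not cover is exactly the point the message goes on to make: a valid binding signature proves that whoever holds the primary key created the subkey, not that the holder is the only person with a copy of either key.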