E-Mail Encryption: Why Isn't Everyone Doing It?
Thu Oct 24 11:41:02 2002
-----BEGIN PGP SIGNED MESSAGE-----
I agree with all the people saying that users will not use anything that makes
e-mailing more complicated. Pass phrases especially are a great obstacle.
Many people hate them.
Another great obstacle is that people don't want to learn anything about
encryption, and thus cannot take any responsibility for their own security.
They can (and will!) make a lot of mistakes that compromise their security.
- The idea to have two different passphrases: one for signing and one for
decryption is brilliant. It would make it possible to have a greater
protection for the signing key and to do automatic decryption. That is
important: you can have a signing key with a long life and regularly change
the encryption keys (without losing the signatures on your signing key and
thus "transferring" the trust to the new encryption subkeys you create).
- I believe GPG Relay is a great step in the right direction. It does
automatic tasks of your choice: encryption, signing, decryption, verifying.
You can choose to enter your passphrase as needed, cache your passphrase
for a specified time or for the session, or enter it to the program once
and use it forever. One great advantage is that you can choose your
security level and set it according to your security needs. And it is
possible to use one key for automatic tasks with GPG Relay and another for
more sensitive tasks with more traditional interfaces like WinPT or
plug-ins for e-mail programs. http://sites.inka.de/tesla/gpgrelay.html
- Key exchange is still complicated. Why not automatically download keys
from keyservers for all e-mail addresses in your address book? And do the
same whenever you add a new address? It would be nice to have such a feature in
the plug-ins for Outlook Express and Eudora!
- Authentication is still complicated though. I recently discovered a
security risk that I had never thought about before. I verified key-data
(fingerprint) by phone with a person I knew. All seemed OK, but during the
conversation it occurred to me that the keypair was neither created nor
controlled by that person. He actually had a consulting programmer from an
external company "helping" him to create the keypair and the programmer had
a backup. Ignorant users do not know how to protect themselves.
Afterwards I realised that it is never possible to know whether anyone has
exclusive control over their key. You simply have to trust the other person.
And more: often it does not matter! That is: if my contact chooses to share
the key with an external consultant it is his choice. It is good if I know,
but I cannot always know. I can still use the key for encryption to him, as
long as he is willing to accept the key as his own.
But it does matter if I send something that I do not want to be read by
ANYONE but the intended recipient. Then I must trust the recipient -
otherwise he could print the document and give it away anyway.
By the way, I read an article on how to implement PGP encryption in a
company. The author suggested that an administrator would create the
keypairs for all users and sign them with a company signing key. Then he
should distribute the keys to the users and keep a backup of the public
key. "But the secret key should not be kept". What would prevent the
administrator from keeping the secret keys for any reason? How would you know how
many people control the secret key for a user you encrypt to?
At 19:33 2002-10-18 -0700, you wrote:
>While an estimated 900 million people use e-mail, few take advantage of
>NewsFactor.com, Aug. 5, 2002
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32) - GPGrelay v0.90
-----END PGP SIGNATURE-----