Opportunistic Encryption

Yenot yenot@sec.to
Fri May 16 00:09:02 2003

Hash: SHA1

On Wednesday 14 May 2003 02:53 am, Ingo Klöcker wrote:
> Trust is the principle the WoT is built upon. Without trust the WoT
> can't exist. And trust can't really co-exist with anonymity. You
> have to know who the key owner is before you can tell GnuPG how
> much trust you want to put in the key owner.

I'm not proposing an anonymous system.  I'm proposing a system that
isn't dependant on public keyservers.  I'm also proposing a simpler

An example may be the best description, so I've written a rough draft.
I've broken OpenPGP use into 3 levels of sophistication.  Each level
can be attacked at the user's own pace.

Level 1: Opportunistic Encryption
For this level, the user just generates a key.  After that, the e-mail
client software does the following:

A) All outbound messages are signed. Mail is encrypted whenever the
   recipient's public key is available. (See my previous post for
   algorithms on key selection when multiple untrusted keys exist.)

B) When a signed message with an attached key is received, we verify
   that the attached key matches the key used to sign the message.
   If so, the key is automatically added to the local keyring.

C) If a received message is signed but not encrypted, any reply to
   the signature owner should have our public key automatically
   included as an attachment.

Eavesdropping protection is achieved after one round trip and no user
interaction or keyservers are required!

Level 2: User authenticates important communication links
Chances are, the user personally knows his/her most important
communication contacts.  The user calls these contacts on the phone
and exchanges fingerprints.  For this, the mail client provides a
simple (non-confusing) pop-up for fingerprint verification and the
creation of local signatures.

Once an e-mail contact has been verified, the client software rewards
the user for this important step with a beautiful secure lock icon
and feel-good colors on authenticated mail (see KMail for examples of
such feel-good colors).

Level 3:  Use of WoT and CAs (optional)
Sophisticated users and users with support from IT staff can use WoT
and CA schemes.  Keysigning parties can be thrown.  People can
install personal trust calculation plugins for their favorite OpenPGP
implementation and so on.

Less sophisticated users can just continue direct key exchanges with
important contacts.  They need not loose sleep at night thinking
about complicated graphs of key relationships and what trust
calculation algorithm best meets their security needs.

> Any proposals for how these clever icons should look like?

I was really hoping people on this list would have some good ideas.
IMO: Whoever came up with the excellent color schemes used by KMail
on signed and encrypted messages should be asked for advice.  Also, I
encourage everyone to read and think about the problem with
web-browsers and self-signed certificates.  Here's the link again:

Since web browsers and e-mail clients are tightly coupled these days,
some idea sharing on user-interfaces might be warranted.

 - Yenot
Version: GnuPG v1.2.2 (GNU/Linux)