Encouraging email security.

Daniel Carrera dcarrera@math.umd.edu
Sun May 18 05:29:02 2003 

--ADZbWkCsHQ7r3kzd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

> Absolutely! (The only thing I'd venture to correct in
> the above post is the 'interest' part: they *have* the
> interest, but it's - for the vast majority - simply to
> hard to do...)

I hope you're right about the interest part.


> From my observation of "real users", the hardest part is
> not at all remembering (and typing) the password/phrase,
> it's the understanding of the concept of web-of-trust,

Definitelly, I only have a partial understanding myself.


> Large proportion of e-mail users communicate mostly
> in their own "small-world" communities and they have
> absolutely no problem whatsoever exchanging, authenticating,
> revoking, etc. their public keys. It is also most likely
> that communication with fellow members of such communities
> will need to be protected (as opposed to the communication
> with strangers). I would thus suggest that a simplified
> GPG version (GPG-lite?) should be constructed and deployed,
> where the system does not even attempt to assist (let alone
> control) the dissemanation, authentication and revocation
> of public keys. The security of such system would remain
> as strong as the "real thing", provided that the key is
> exchanged in person (its finger verified over phone,
> printed on a business card etc. etc.). Also, while at it,
> I would strongly suggest "one-key-one-file" (text, base64
> encoded) instead of the opaque and hard to understand
> and deal with "keyrings".

How about we just drop the concept of web-of-trust entirely?

Ofcourse, it'll still exist.  I mean, make it so that people can use GPG=20
without ever hearing the concept.

We can make OpenPGP really simple by having people only swap key IDs, and=
=20
making it look similar to Instant Messaging.  Just as people casually ask=
=20
"what's your IM?", they could ask "what's your PGP?".  To that, your=20
friend would give you the key ID.  They don't even need to know that the=20
ID is only an identifyier for the actual key.

If impersonation is not a huge problem, the fact that you are getting the=
=20
key ID from someone you know will be authentication enough.

When you go home, just type-in the "PGP" your friend gave you, and you're=
=20
done.  From then on, whenever you email that address the mail will be=20
encrypted.  We can improve authentication while making it look "cool":
When you type the Key ID the software automatically shows you the JPEG=20
photo of the owner.

To further facilitate key exchange, the mail client could:

  - Always send signed messages.
  - Have a button to download the key ID whenever it gets a signed
    message.

This will cause a natural tendency for the GPG usage to rise.


--=20
Daniel Carrera         | OpenPGP fingerprint:
Graduate TA, Math Dept | 9B32 660B 0557 7D7D 5892 0036 D591 4D05 2938 1B7E
UMD  (301) 405-5137    | http://www.math.umd.edu/~dcarrera/pgp.html

--ADZbWkCsHQ7r3kzd
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (SunOS)

iD8DBQE+xv5S1/ZKhTQTHLARAgDAAKC6afmMD5wpG8F7voe80vLOFq/dOQCZAbSh
FQ5fJW9OCwWKLCoj95J3IUs=
=QkzA
-----END PGP SIGNATURE-----

--ADZbWkCsHQ7r3kzd--