OpenPGP and usability
Robert J. Hansen
rjh at sixdemonbag.org
Tue Aug 7 21:17:53 CEST 2007
(Two of the three points mentioned in this email are Enigmail-specific.
However, the worst one is an OpenPGP problem, and one that probably
deserves more attention, which is why I'm posting it to gnupg-users.)
I'm sitting in the Hampton Room of the Sheraton Boston right now
attending a meeting of electronic voting researchers. A few minutes ago
a big name in computer security--if I gave it, you would probably know
it--finished talking about his experiences with a large voting machine
investigation, and how they were using OpenPGP to secure communications
between researchers. Or, at least, trying to.
I have his permission to relate his experiences to these lists. I am
omitting his name because I am going from my memory of the conversation
I had with him, and I may have misunderstood a detail here or there, and
I don't want to do anything that might besmirch his reputation because I
Anyway. The problem, as he said: "forty computer security professionals
can't use GnuPG among them because the [cognitive] overhead is too much."
He had several mailing lists for different tasks in his electronic
voting research. Roughly 40 people in total were on the mailing lists.
His ultimate goal was to ensure confidentiality; assurance was not a
major issue, but was a nice side benefit. He was using Enigmail and
GnuPG, while other people on lists were using GnuPG + gpgol, PGP +
Outlook, or (in one case) a custom Windows PowerShell script gluing
together GnuPG and Microsoft Word. I do not have version numbers for
any of these.
The good news: he describes Thunderbird + Enigmail + GnuPG as "the best
thing going for email crypto," or words pretty close to that.
Unfortunately, that turned out to be pretty faint praise.
Problem 1: key signatures. He says he couldn't figure out what he
needed to do with the keys. Did he need to sign them? Trust them?
What's validity and otrust again? Who should be set up as a trusted
introducer? Why wasn't the cursed thing working?! As he said, "I know,
I knew what needed to be done, but even knowing what needed to be done,
I couldn't figure out what needed to be done." Even just talking about
it, months after the fact, he sounded frustrated.
Problem 2: PGP/MIME. Correspondents who were using PGP/MIME for
attachments found massive interoperability problems. Apparently,
Enigmail has an idiosyncratic way of doing PGP/MIME which causes
heartache and woe for non-Enigmail users. (I haven't confirmed this;
this is just according to him.)
Problem 3: Key selection. They ultimately decided to just go with a
single shared GnuPG key for each mailing list. The idea here was that
as soon as the project finished, each person could just nuke their copy
of the mailing list key and the mailing list messages would effectively
be put forever beyond use. However, Enigmail would frequently
encrypt-to-self, or encrypt to the keys of other people on the mailing
lists, or... etc. Ultimately, he says that his resolution was just to
always show the key confirmation dialog.
More information about the Gnupg-users