Is the OpenPGP model still useful?

Robert J. Hansen rjh at sixdemonbag.org
Wed Apr 27 15:48:00 CEST 2011


(The subject line may be provocative, but please don't think I'm arguing that it's not useful.  I don't know.  I just had an idea a couple of days ago, and I figure it might be worth some discussion.)



OpenPGP takes its origins from ClassicPGP, which in turn comes out of a military threat model of the sort that was more or less standard policy everywhere from WW2 forwards:

Attackers can apply significant resources to interception, and they already know who they want to intercept
Communication technicians are trained, skilled and motivated
Communication channels are centrally defined and structured
Communiqués must be secure for decades or more

There are other elements, but these four are what interest me right now.  OpenPGP defends quite neatly against point one, point two explains why it's okay for OpenPGP to have a learning curve like the Matterhorn, the Web of Trust (which is to say, a loose confederation of CAs) follows from point three, and long-term security is point four.

Now, while there are still environments in which those four criteria hold, the modern day seems to mostly be governed by four different principles:

Attackers need distinguishment more than interception
Defenders are unskilled and perhaps incompetent
Communication channels are ephemeral, media-hopping and ad hoc
Most people don't care if an individual email — or even a series of them — gets compromised

"Distinguishment versus interception" may need some explanation.  Intercepting communications is not very hard: finding what communications need to be intercepted is a labor of Hercules.  We are, figuratively speaking, drowning in a sea of irrelevant and useless data.  The major task is not being able to read the information, but being able to pick signal out from noise.  Distinguishment — differentiating signal from noise — is more important than interception — picking up the signal once you know what it is.

With respect to communication channels being ephemeral, media-hopping and ad hoc: today it's not unusual for a conversation to begin in SMS, hop to Facebook, migrate to email, and finish on IM.  Whatever tool we use to secure our messages needs to be as media-agile as our conversations.

And finally, most people simply don't care if their emails get read.  Open a stand outside a McDonald's offering "FREE BIG MAC AND FRIES FOR YOUR EMAIL SERVER PASSWORD" and see how many coupons you give away.  Odds are good that the loudest voices of outrage would come from Burger King and Wendy's, and they'd shut up once you set up booths outside their restaurants, too.[*]



... So, finally, here's my Modest Proposal.  Encrypt each communication (Facebook post, SMS, whatever) with a random 40-bit key.  Throw the key away.  Send it.  The only way for your recipient to recover the key is to brute-force the message.  By our existing standards this would be absolutely crazy: and yet, it would foil large-scale Hoovering of email messages (adding that work factor to each email message would make large-scale analysis difficult), would address point 2 by getting rid of the learning factor ("install this plugin and that's all you have to do"), would address point 3 by being broadly applicable over a large swath of the problem domain, and if someone recovers a particular message anyway... well, as point 4 shows us, "meh."

(Note: if the phrase "Modest Proposal" wasn't enough of a giveaway, this is not a serious proposal.  It's a thought experiment, just something I found to be interesting enough to spend a few minutes contemplating.)






[*] Some years ago while teaching a computer literacy class, I had the undergrads reading David Brin's "The Transparent Society."  In it, Brin suggests offering a free Big Mac with a mouth swab and driver's license, and plugging these DNA samples into a database of unsolved crimes.  He cheerfully argues there are no privacy concerns since it is so obviously a bad idea, and yet people will voluntarily choose to do it anyway despite knowing it's stupid.  The class had a good talk about this.  The next Monday a couple of students talked to me after class.  "After class last week, we went down to the Pita Pit.  We were sitting around talking about how stupid Brin's idea was and how he was wrong and nobody would be that stupid ... and then we realized we were saying this while we were filling out credit-card applications in order to get a free pita."  When I asked them what they did next, they shrugged.  "We felt kind of stupid.  But we filled them out, got our free pita, and started talking about something else."

You can lead a horse to water, and you can even give the horse a straw, but...


-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110427/987bb559/attachment.htm>


More information about the Gnupg-users mailing list