sign encrypted emails

[Hauke Laging]

Am Fr 03.01.2014, 01:13:13 schrieb Doug Barton:

> On 01/03/2014 12:59 AM, Hauke Laging wrote:
> | Do you agree that it is (or, depending on the content, can be) an
> | important information whether a message was encrypted by the sender
> | (and for which key)?
> 
> Not particularly, no. The message doesn't get encrypted using the
> sender's key, although it may be encrypted to the sender's key, along
> with the recipient's.

That's not what I am talking about. I am talking about the recipient 
having keys with different security levels. So there are keys I 
(insecure) and S (secure). By insecure I mean a key like the one which 
signs this email: Being used on a normal system (i.e. an insecure one; 
oh no, in a moment Rob will notice that I used "secure" and "insecure" 
again...).

If data is so important that it shall not be encrypted for my key I but 
for my key S only then I want to be sure that it has been encrypted by 
the sender for S. That the message which arrives at me is encrypted for 
S does not ensure this. Anyone can encrypt messages for my key.


> What advantage does it give to the attacker to encrypt a message via
> MITM?

As I said: If a normal user (i.e. one with nearly no security clue at 
all) starts an email conversation without encryption (or with weak 
encryption) and I notice that (because the message arrives unchanged) 
then I will tell the sender to change his behaviour. He will probably to 
that and the communication becomes secure.

It is in the interest of an adversary to prevent the communication from 
becoming secure.


> The likely outcome of doing so would be to reveal that they are
> intercepting messages,

In my opinion it is very unlikely that this would be revealed. There are 
people who like to get everything encrypted and those who prefer to get 
only important data encrypted. Every serious adversary will know what 
type his target is. This is more or less a public information.

So if somebody wants everything encrypted why should he ever ask or 
mention that? It is possible, yes. "Thanks for encrypting your 
messages." Who does that? And how many senders unfamiliar with crypto 
would understand from that that their message has been modified? Maybe a 
nice feature of their great ISP? Even worse with asking such a sender 
whether he has used the right recipient key. Probably he will not even 
understand the problem or misassess the situation.

And if the recipient expects only important data to be encrypted then 
the adversary would encrypt only important data (which may be hard to 
decide automatically though but who would notice a minute delay under 
normal circumstances?).

And why should the adversary not risk being detected? We encrypt because 
we assume that there are adversaries.


> | How can it make little sense to provide this information?
> 
> If the sender cares they can insert a statement in their signed
> message. "I did/did not encrypt this message before sending." Problem
> solved.

Yes. But why should the sender care? The sender can be sure about doing 
it right! The recipient is the one who cannot. And why should we bother 
writing that in every mail if there is a simple automatic solution to 
it? You cannot even be sure that the information is correct! People make 
mistakes.


> My argument is that the _only_ thing relevant to message validity is
> the signature on the message itself.

I do not doubt that in any way but my argument isn't about validity at 
all. It is about guaranteed confidentiality! That is a big difference.


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140103/a56fe822/attachment.sig>