March 15, 2015

Who're you? How can I be sure?

Yahoo sees 'end to end' email encryption by year-end

Maybe, if both of them are using Yahoo for their mail host.

But as a general problem it runs into the same issue as everything else: What key do you use for encryption, and how does the receiver get it without anyone else getting it?

Approximate answer: everyone publishes a public key. If you want to send email to someone, you use his public key to encipher a session key, used to encrypt the email. The encrypted session key is included in the email message.

When he receives it, he uses his private key to decrypt the session key, then uses that to read the email message.

All well and good, except for one thing: How do you get his public key, and how can you be sure you got the right one? That's where this all breaks down. One way or another, no matter how you design this part of it, there's a low/no security transaction which can be snooped or faked by someone bad (or NSA).

End-to-end encryption works better if you exchange a lot of emails with one person and can manually and reliably set up the keys at the beginning of the relationship.

But for a general n-to-n system, to support hundreds of millions of people, and allow encryption of messages sent to arbitrary receivers for the first time, there is no way to get there from here.

Posted by: Steven Den Beste in Weird World at 08:12 PM
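The session-key scheme described in the post, and the point where it depends on getting the right public key, as an added example (not code from the post or from Yahoo's client). It assumes toy primitives: textbook RSA on small Mersenne primes and a SHA-256 XOR keystream stand in for real OpenPGP algorithms, and every name, address and key in it is constructed for the demonstration.

```python
# Toy demo only: textbook RSA on small Mersenne primes and a SHA-256 XOR
# keystream stand in for real OpenPGP primitives. Not secure. All names are
# hypothetical; the keys and directories are constructed for this example.
import hashlib
import secrets

E = 65537

def make_keypair(p, q):
    n = p * q
    return (n, E), pow(E, -1, (p - 1) * (q - 1))  # (public key, private exponent)

def fingerprint(pub):
    # Short digest of the public key, the value two people compare out of band.
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]

def xor_stream(key, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt_mail(pub, body):
    n, e = pub
    session_key = secrets.token_bytes(16)                     # fresh key per message
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)   # only the key holder can unwrap
    return wrapped, xor_stream(session_key, body)

def decrypt_mail(pub, priv, mail):
    wrapped, ciphertext = mail
    session_key = pow(wrapped, priv, pub[0]).to_bytes(16, "big")
    return xor_stream(session_key, ciphertext)

def send(directory, address, body, trusted_fpr=None):
    pub = directory[address]      # the low-security lookup the post worries about
    if trusted_fpr is not None and fingerprint(pub) != trusted_fpr:
        raise ValueError("fingerprint mismatch: refusing to encrypt")
    return encrypt_mail(pub, body)

bob_pub, bob_priv = make_keypair(2**127 - 1, 2**89 - 1)
mallory_pub, mallory_priv = make_keypair(2**107 - 1, 2**61 - 1)

if __name__ == "__main__":
    tampered = {"bob@example.com": mallory_pub}   # directory entry swapped in transit
    mail = send(tampered, "bob@example.com", b"meet at noon")
    print("readable by the substituted key:", decrypt_mail(mallory_pub, mallory_priv, mail))
    try:
        send(tampered, "bob@example.com", b"meet at noon", trusted_fpr=fingerprint(bob_pub))
    except ValueError as err:
        print("with a fingerprint confirmed out of band:", err)
```

The encryption itself is sound in both runs; the only thing that changes the outcome is whether the sender has an independent way to check the key it was handed.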

1 Yahoo's solution is a simplified OpenPGP client, but the video embedded in the announcement doesn't show the key-exchange. My guess is that keys generated through Yahoo's UI will be automatically published to public keyservers, and they'll sign them to provide basic "web of trust" functionality. When retrieving public keys for new recipients, most likely their UI will consider keys signed by Yahoo Mail or Gmail to be completely trustable, and fall back to a "trust wizard" when it can only find a key that uses the standard model ("this key for bill.gates@microsoft.com is signed by this key for clippy@word.com, who you exchanged email with last month. Do you trust Clippy?").

-j

Posted by: J Greely at March 16, 2015 08:58 AM (1CisS)

2 For something like SSL, this is where the public key infrastructure comes in. I think for PGP-based email encryption, you'd usually send an (unencrypted) email with your public key in it to your new contact. This isn't a major issue when you have other means of contacting the person in question to confirm that you did in fact get the correct key.

Posted by: Jordi Vermeulen at March 16, 2015 12:01 PM (9BWts)

3 Except that SSL isn't really very secure, as we found out recently.

Posted by: Steven Den Beste at March 16, 2015 06:37 PM (+rSRq)

4 The Lenovo thing exposes the fundamental difference between the top-down SSL ("trust us, we're governments and large corporations") and PGP ("trust me, because I can confirm to you on the phone that the key with fingerprint 4096R/E99A570D belongs to Josh Riggs, jkr@example.com") security models.

Sadly, because they have to implement secure webmail on top of SSL, they have to code around just that sort of spyware. Google calls it out in the threat model document for their solution (which the Yahoo stuff turns out to be a fork of).

-j

Posted by: J Greely at March 16, 2015 08:37 PM (ZlYZd)

5 SSL supports the second model as well, to an extent. If you want, I can give you the CA cert for my stuff, and then you can add it to your browser and visit httpS://www.zaitcev.us. It's no different from PGP. The difference is the lack of infrastructure and the ease of first-contact workarounds in browsers.

Posted by: Pete Zaitcev at March 17, 2015 10:27 AM (RqRa5)

6 Unfortunately, vendors have doubled-down on the standard SSL model by making scary-pedophile-level alerts when you visit a site that uses a certificate not signed by governments and large corporations. I have enough trouble just getting our employees to install the CA and certs for our wireless network, because DARE YE TRUST THIS CERT? is written in foot-high letters of fire in the GUI.

Seriously, what's a newly-hired accountant supposed to think when Chrome throws up the words "Attackers might be trying to steal your information from intranet.foobar.com (for example, passwords, messages, or credit cards)" and someone in IT says "no, just click okay, it's fine"?

For all the usability flaws of PGP and the web of trust, at least they don't make it sound like a felony to install a cert.

-j

Posted by: J Greely at March 17, 2015 12:42 PM (ZlYZd)

7 The thing about the "Web of Trust" model is that it'll work fine when you have a bunch of emotionally-invested crypto geeks building the web and precisely checking every single fingerprint at key-signing parties. I am less sanguine about it working well when it will rely on the same people who'll thoughtlessly repost "vaccines give your kids autism" on Facebook.

Posted by: CatCube at March 18, 2015 05:17 PM (fa4fh)

8 Web of Trust doesn't scale. The entire structure is fragile and can become progressively corrupt if even a single user screws up and permits a rogue to join.

Posted by: Steven Den Beste at March 18, 2015 06:04 PM (+rSRq)

9 For me, Gratuitous Complexity is the real sin of PGP and the web of trust. The manual for the standard command-line gpg tool is 50 pages without even trying to explain the web of trust, and the basic usage examples are on page 44. I've lost count of how many "gpg howto" web pages I've come across, often subtly wrong or seriously out-of-date. Pretty much all of the GUIs I've seen expose all that complexity, too, sometimes making them even harder to use. 

-j

Posted by: J Greely at March 18, 2015 10:06 PM (ZlYZd)
