[148242] in cryptography@c2.net mail archive
[Cryptography] Email is unsecurable
daemon@ATHENA.MIT.EDU (ianG)
Mon Nov 25 01:32:42 2013
Date: Mon, 25 Nov 2013 09:01:31 +0300
From: ianG <iang@iang.org>
To: Ralf Senderek <crypto@senderek.ie>,
Cryptography <cryptography@metzdowd.com>
In-Reply-To: <alpine.LFD.2.02.1311231318220.6481@laptop.kerry-linux.ie>
On 23/11/13 15:30 PM, Ralf Senderek wrote:
>
> On Sat, 23 Nov 2013, David Mercer wrote:
>
>> But of course you're right about actual current usage, encrypted email
>> is an
>> epic fail on that measure regardless of format/protocol.
>>
>> -David Mercer
>
> Yes, but it's about time we do something about that. Do we *exactly know
> why* it is such a failure?

It's an interesting question, and one worth studying for pedagogical
motives. From my experiences from both sides, it is clear that both
sides failed. But for different reasons.

S/MIME failed because it is an atrocious key management design.
Everything about it is designed to rely on certs, and nobody wanted to
buy certs, and when you bought them, they didn't work well enough. It's
a CA's perfect protocol because it places the cert at the apex of the
mission, and a user's nightmare because certs fail too frequently in the
aggregate to avoid the curse of K6 -- turn it off, dump it. In
practical import (from actual experience), if you had a group of say 12
people with one year certificates, every month some person was failing
to communicate because her cert had expired.... Do the math.

PGP failed because it never succeeded in conquering the GUI clients.
That was in part because of what PHB calls the Betamax-VHS war. The
providers of the major clients were already in the certificate camp, so
they locked out the PGP side. It was beyond the resources of the PGP
group to crack that barrier.

If you look at the other big comparison, SSL, it won its early battles
against the alternatives in part because one company held the reins,
Netscape. They were able to force through their decisions.

But, there are other reasons. If you look at the overall picture, there
are many other difficulties.

For example, consider traffic analysis or metadata or mass surveillance
-- neither side did anything about that. In fact, they made it worse.
Both sides did not encrypt the entire important data, the Subject: being
the obvious thing that wasn't encrypted. S/MIME clients made it far
worse by insisting that the From: field had to match the certificate
used; which made it a *validated surveillance indicator* as opposed to
just another input to the spam filter.

Then, look at the design of email. Too many steps, too many processes,
too many disjoint systems under too many different RFCs. Difficult.

Then, webmail -- is it encrypted at the server (SSL?) or in the client
(cf. Hushmail)? How many other clients, how many gateways, etc.

Then, the assumptions of email. Everyone can send an email, and the
cost is zero. Result: spam.

Hence, I've concluded that email is unsecurable. Obviously Jon and PHB
and Ladar think differently. I applaud their efforts and hope they
prove me wrong. But the lessons of Skype and Facebook and Netscape are
writ very large -- great security achievements come from 3 party
networks, not 4 party networks.

iang