Re: [Cfrg] Email encryption for the wider public

Henry Augustus Chamberlain <henryaugustuschamberlain@gmail.com> Fri, 19 September 2014 09:33 UTC

Hi all,

Some very interesting points so far. To avoid making this email too
long, I'm going to reply without quoting - I hope this doesn't
inconvenience anyone.

Regarding the memorability issue, all I can say is that end-to-end
encryption really does require sharing 100+ bit keys - it's essential!
You may be able to memorise your email address at the moment, but
that's only half the story, since you can't memorise your public key!
I can't solve every problem with PGP, but I still think this proposal
solves a fair few of them. In some cases it improves on PGP, and in
the other case it's at least no worse: you can still use online
institutional directories etc if you want.

Don't forget all the advantages this scheme could bring! Simplicity
and transparency for the end user is really important! They're more
likely to understand the significance of a public key if it forms part
of the address (despite not understanding why it has to be this way).

Perhaps it doesn't help Derek's mum - nor my mum, for that matter -
but there are plenty of people for whom PGP is too complex whereas this
scheme would be manageable. If you wish, you can send some emails
encrypted and others unencrypted, just like you can with PGP - in this
case, you'd just need two addresses (which is surely no worse than
PGP, where you have an address and a key).

Regarding telephone conversations: if it's with a mobile phone,
perhaps a text message would work; if it's a landline, you probably
have internet access, so an initial unencrypted email would work if
you're not worried about man-in-the-middle attacks. (If you are
worried about such attacks, then a bit of effort might be required,
beyond just rattling off a short email address over the phone.)

By the way, I'm suggesting printable characters to encode the key, not
arbitrary bytes. An alphanumeric character stores nearly 6 bits (or 5
if it isn't case-sensitive), so 256-bit keys would require around 50
characters. Email standards allow 64 characters for the local part of
the address, so there's room for error-correction too.

Regarding the point about forged email addresses: for cryptography to
work, you need to identify people using their keys, not their
addresses. With PGP, you could send an email to my mum, using my email
address but the wrong signature; if my mum is just relying on the
email address, then that defeats the purpose of PGP. Of course, most
PGP systems compare the key with that stored in the address book; a
similar system can be used for my proposal, but with the advantage
that forged emails don't give rise to the situation where the address
is known but the key is unknown, which might lead a naive user to
assume something's broken with the crypto software.

Regarding webmail... I still haven't solved that one. Maybe there's an
inherent contradiction in trying to include webmail in an end-to-end
encryption system.

I like the idea of using the "address+key@gmail.com" technique,
although it does contradict the idea of "identify people using the
key, not the address". Also, in my original proposal, I suggested
using the private key (instead of a password) to log in to the email
server. I reckon Gmail is unlikely to allow that in the near future :)

Best wishes,

Henry
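
The character-count arithmetic from the paragraph on printable-character encoding, worked through as an added example that is not part of the original email. The base32 alphabet, the 4-byte truncated SHA-256 checksum and all function names are assumptions of this sketch; the checksum only detects typos and stands in for the error correction the message mentions.

```python
import base64
import hashlib
import math

MAX_LOCAL_PART = 64  # local-part limit cited in the message
KEY_BYTES = 32       # 256-bit public key
CHECK_BYTES = 4      # assumption: truncated SHA-256, detects typos only


def chars_needed(bits: int, alphabet_size: int) -> int:
    """Characters required to carry `bits` bits in the given alphabet."""
    return math.ceil(bits / math.log2(alphabet_size))


def key_to_local_part(public_key: bytes) -> str:
    """Encode key plus checksum as a case-insensitive local part."""
    if len(public_key) != KEY_BYTES:
        raise ValueError("expected a 256-bit key")
    check = hashlib.sha256(public_key).digest()[:CHECK_BYTES]
    text = base64.b32encode(public_key + check).decode("ascii")
    local = text.rstrip("=").lower()
    if len(local) > MAX_LOCAL_PART:
        raise ValueError("encoded key does not fit in the local part")
    return local


def local_part_to_key(local: str) -> bytes:
    """Decode a local part; raise ValueError on a typo or truncation."""
    text = local.strip().upper()
    text += "=" * (-len(text) % 8)   # restore the stripped base32 padding
    raw = base64.b32decode(text)     # binascii.Error is a ValueError
    if len(raw) != KEY_BYTES + CHECK_BYTES:
        raise ValueError("wrong length for key plus checksum")
    key, check = raw[:KEY_BYTES], raw[KEY_BYTES:]
    if hashlib.sha256(key).digest()[:CHECK_BYTES] != check:
        raise ValueError("checksum mismatch: address was mistyped")
    return key


if __name__ == "__main__":
    sample_key = bytes(range(32))    # constructed sample, not a real key
    local = key_to_local_part(sample_key)
    print(len(local), local + "@example.org")
    for size in (62, 36, 32):        # mixed case, single case, base32
        print(size, chars_needed(256, size))
```
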