Re: [Endymail] What are the problems?
Phillip Hallam-Baker <phill@hallambaker.com> Mon, 08 September 2014 02:21 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD5B61A0B81 for <endymail@ietfa.amsl.com>; Sun, 7 Sep 2014 19:21:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.422
X-Spam-Level: *
X-Spam-Status: No, score=1.422 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q1C-ajHfBe5a for <endymail@ietfa.amsl.com>; Sun, 7 Sep 2014 19:21:10 -0700 (PDT)
Received: from mail-la0-x22d.google.com (mail-la0-x22d.google.com [IPv6:2a00:1450:4010:c03::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 136441A0B7E for <endymail@ietf.org>; Sun, 7 Sep 2014 19:21:09 -0700 (PDT)
Received: by mail-la0-f45.google.com with SMTP id pn19so16647215lab.32 for <endymail@ietf.org>; Sun, 07 Sep 2014 19:21:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=IkMs9maqU4QtZHN3SS0xZuXfz/H9dqE5K85+3dh2Ybo=; b=yhNyumRKztHqZ2PHaO1U2N8N2akXqWpmY4nAmT8ACriz2XbRHiSLaaT9YTdGFZ1WRn QOueAkkPSeUL94Agxvw11feFGGASAkLzE0mAcJtMwE0xN0sW59JJl2mmiI//ywskuYAt YRhRtOCf+8WD3koIppq5NjcC5F4r8fc/r1paXB0WNl3gkv+URtK/8iyN4IFizrndtLfY kIEI9dUjkLzFDkwzixolC5HnEtvOtn0C62zLMXqzKE20p+mPYZXnlGugaXH4+r4+CJrs 33GQ2gtMSEZ/gC5VfgcPHylR0o8h3HSRVmgGytsv5g7mATH+iCO0Q23gxdAo9Dbdjin6 1G2A==
MIME-Version: 1.0
X-Received: by 10.152.18.165 with SMTP id x5mr7061110lad.42.1410142868179; Sun, 07 Sep 2014 19:21:08 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.122.50 with HTTP; Sun, 7 Sep 2014 19:21:08 -0700 (PDT)
In-Reply-To: <CACsn0cmmpg3VAEdVdLsBRJUkHnnPJ7fAXBaH4oVpRHm1LdK0sw@mail.gmail.com>
References: <CACsn0cmmpg3VAEdVdLsBRJUkHnnPJ7fAXBaH4oVpRHm1LdK0sw@mail.gmail.com>
Date: Sun, 07 Sep 2014 22:21:08 -0400
X-Google-Sender-Auth: O3nFNkPBXR3itTOjOXEjzhsAbzE
Message-ID: <CAMm+Lwji=YFgCn5NcATSmEmdve8ps1QTJoo6BYbeA_9yyNNvEA@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/E3JMF-J5T7pHeTLKrneifboTfZY
Cc: endymail <endymail@ietf.org>
Subject: Re: [Endymail] What are the problems?
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Sep 2014 02:21:13 -0000
On Sun, Sep 7, 2014 at 1:55 PM, Watson Ladd <watsonbladd@gmail.com> wrote: > Dear all, > Let's back up from spam. > > If we look at E2E encryption, S/MIME is widely supported and deployed. > It's way more heavyweight than it needs to be. PGP same story, but add > in completely weird crypto. (I don't actually know what S/MIME does > cryptographically: my tolerance for ASN.1 is only so high) Both are > unnecessarily complicated. So why aren't they used more? I can think > of a few issues. > > The first issue is UI: nothing much we can do about it here. But if we > reduce the complexity of the protocols by subsetting them, the UI > doesn't need to expose so much, and so conceivably be simpler. While S/MIME is horribly complicated to implement, thats not the cause of the UI disaster. The implementation complication is due to the use of ASN.1 which is a nightmare to program and if you do it the usual way requires a monstrously complex compiler with a big obese run time. But all of that bit is hidden from the user. > The second issue is multidevice usage. Here we have questions about > transporting keys, removing keys from devices (hard), but the core > protocols will work. This is the part where the legacy code is just insane. With PPE, all you do to configure Windows Live mail to accept encrypted mail is run the key generator and post the file it generates to a Web site. If you give it the domain of a crypto service then the service will do the post to a web site for you as well. Without PPE what you have to do is * Find a CA * Find the S/MIME page at the CA site, fill in lots of forms * Respond to an email challenge, here it is essential that you go back to the CA web site with the same browser or it won't work. * Start Windows Live Mail, find the security configuration tab on the account * Tell Windows Live Mail to use the certificate Thats ten minutes if you are lucky. Now Thunderbird on the other hand you have all of those steps only you also have to export the key and certificate out of your Windows certificate manager and then import it into the Thunderbird key manager as well. On iPhone you can use S/MIME but the mechanism for importing a certificate and key was documented nowhere I can find. I had to ask an Apple employee. Apparently you send an email message to yourself with the encrypted key attached. Then you can open the message and it will import the key. Again, this is a one button operation without Web service support and only a little harder with web service support (and then only if you are using the open source version of the code, I would guess if there is a Comodo branded version of the key manager it will automatically connect up to Comodo and so the user won't have to enter anything.) Point is that there is absolutely no reason that the UI can't be fixed. The failure is in the integration into the product. It does not take a usability lab to spot these problems. They should be obvious to anyone with a brain. The whole process is just makework for the user. Another big problem is that pretty much every multi-platform program tends to insist on managing keys itself rather than using operating features for the purpose. The inevitable result is a really shit user experience and gaping security holes. Windows and Mac both have mechanisms in place for protecting keys in a user's account. So they don't need to enter a passphrase to read each mail. Thunderbird tries to use its own and does a horrible job of it. > The third issue is webmail: I'm part of the problem here, but I think > browser extensions (ugh) can solve it: I don't think we need new > protocols. Well reading mail is easy enough, just pop out a viewer that pulls the user's key from the machine keystore. > The fourth issue is key discovery. For S/MIME I don't know how this > works. For PGP the keyservers work, but the control ensuring you get > the right key is the WoT, which is very hard to use, and most people > don't do it. In practice the keys get put on websites served over TLS, > or tweeted. > > We should really think about the merits of the Public File: it's very > close to what we have with PGP, and would resolve a lot of concerns > about CA subversion. > > Sincerely, > Watson Ladd > > _______________________________________________ > Endymail mailing list > Endymail@ietf.org > https://www.ietf.org/mailman/listinfo/endymail
- [Endymail] What are the problems? Watson Ladd
- Re: [Endymail] What are the problems? Elijah Sparrow
- Re: [Endymail] What are the problems? Phillip Hallam-Baker