Re: On email and web security

Phillip Hallam-Baker <> Fri, 01 January 2016 05:00 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 09B2C1A0167 for <>; Thu, 31 Dec 2015 21:00:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.423
X-Spam-Level: *
X-Spam-Status: No, score=1.423 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id THUhAkR73ZoE for <>; Thu, 31 Dec 2015 21:00:05 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4010:c04::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B4D931A0161 for <>; Thu, 31 Dec 2015 21:00:04 -0800 (PST)
Received: by with SMTP id sv6so125688979lbb.0 for <>; Thu, 31 Dec 2015 21:00:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=qJeDt+mEJNvm2cQHN2gwELl3KqWldclW/qdzJaPMfAI=; b=m4Z+VcsRFJRBgxrJMG5vKbzu+GeCzxzR/0x2pf750Q8ALMh4P77h4AGmdZTAChVFgu WPXo3TPbNiriwIlzC22Apdpy4aoZXNTfpHH18EJ483u8qz5v7Br3lBz0BamTS2jIieK3 6nyshGQc1Nm6d5IhvUDZj7YTv+jHus1r4LMGNrDLOwe5x5OsoAYNIZxXJyEOlnFyFyw0 yOp3/ZM2UzB+fLPhFfWEb6RovgfmLtLOmlcc3+7c4F+R/euqW7Dyc3X+9yPBNIiPcR3b wW1osX4N7LtvDgcUA4543DMaRyomFSmZxNHnQy2T0/yiCZfRA4FfA5ytXCxDWOBV0eMu AiUA==
MIME-Version: 1.0
X-Received: by with SMTP id k5mr8107055lbs.133.1451624402888; Thu, 31 Dec 2015 21:00:02 -0800 (PST)
Received: by with HTTP; Thu, 31 Dec 2015 21:00:02 -0800 (PST)
In-Reply-To: <>
References: <> <>
Date: Fri, 01 Jan 2016 00:00:02 -0500
X-Google-Sender-Auth: 9168owG1TfIgkESLoQ3GdRCNZU4
Message-ID: <>
Subject: Re: On email and web security
From: Phillip Hallam-Baker <>
To: "" <>
Content-Type: multipart/alternative; boundary="001a11c3eeb6e1ad8305283ea4f3"
Archived-At: <>
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 01 Jan 2016 05:00:07 -0000

The problem of messaging security right now is very similar to the problem
we had early on with stopping spam. Whenever someone proposed a solution to
problem X, they would be drowned out by a chorus of people saying that the
REAL problem is Y and then someone would insist it is Z and then someone
would demand that the solution work in zero gravity.

There are many problems to be solved with messaging security and I think
they are all solvable *in time*. There are problems that can be solved
right now and there are problems that we can't address for a couple of
years when some critical Intellectual Property is no longer encumbered. And
there are problems that can't be solved without completely re-doing the
messaging infrastructure.

So here is the problem I have been working on recently. At the start of
this thread Fred complained that he has a list of people's PGP keys and
email addresses but can't send them encrypted mail. I have a PGP key on one
of the key servers but I tell people not to use it because I don't have the
private key. I installed a plug in, started the program and it uploaded the
key to a server without asking me and didn't tell me how to delete it
either. And it turns out that isn't possible.

We can't get everyone using encrypted mail if we design products for
outselves, like Fred pointed out. But another part of the problem is that
these days we all have multiple devices and neither OpenPGP nor S/MIME has
any mechanism that is suitable for managing that situation.

No copying my private key file about is not a solution. A private key that
is installed on more than one machine should be rolled over regularly. By
which I mean once a month. So using fingerprints of public application keys
isn't going to be an answer either.

My point here is that the email security apps are not currently usable and
there is no way to make them usable without standards support to automate
the administrative tasks that are dumped onto the user.

Which is what I have been building the Mathematical Mesh (MMM) to address.

I have released the code:

Next week I will be working on some demonstrations. The bottom line is that
any time that the user is given a set of instructions to follow, that set
of instructions should be given to the computer instead as code.

The prototype runs on windows and will configure unmodified Windows Live
Mail to use S/MIME without the user needing to do anything other than say
which applications they want to secure.

The same approach can be applied to OpenPGP. But rather more interestingly,
it can be applied to SSH as well and the same tool that simplified
management of cryptographic configuration can be used to simplify network
configuration as well.