Re: On email and web security

Fernando Gont <> Wed, 30 December 2015 21:57 UTC

To: "Fred Baker (fred)" <>, Chair Ietf <>

On 12/30/2015 05:17 PM, Fred Baker (fred) wrote:
> Your focus on actual deployment is what triggered this note. When the
> IETF stated, 2013, that we should seriously consider encrypting
> everything, I took an active step to do so. I extracted every email
> address I could find from IETF I-Ds and the RFC series, looked them
> up in the PGP Key repositories, and added them to mine. I was already
> signing email; I then reconfigured my mail client to, any time I sent
> an email to someone whose key I knew, encrypt that email.

* Even for folks that get to use PGP, they don't take their chances to
  deliver their public key securely. At the end of the day, strictly
  speaking, this can be deemed as "placebo security".

  Printing the signature in business cards helps a lot (and also
  introduces the problem of business-card "management" :-) ).

  My other take has been to put the signature in every mail I send
  (including those to mailing-lists). This is not really "secure",
  but gives you datapoints over time that you really got the key you

* Mobile mail clients are a real hassle for PGP. And in those cases they
  are not (anyone?), given the current state of mobile phone security,
  you'd really think twice before putting your private key in your
  phone. -- this doesn't impact signed email, but does impact encrypted
  email (e.g., I've had to "get back home" to read encrypted email I had

> The result has not been what I might have hoped for.
> First, I note that this email is going out unencrypted. Why? I don't
> have a key that I can presume every person on this list will be able
> to use to decrypt it, and I don't have a key for Yes,
> I know those are things our lack of a security architecture has not
> sought to fix. There are at least a couple of ways to address it: we
> could create a capability for such a key, and we could decrypt
> signature-verified emails at the server and re-encrypt to list
> members that we have the keys for. I'm sure our security community
> can come up with a better answer than either, and I invite them to do
> so. My point is that we can't "encrypt everything" if we can't
> encrypt email sent to an alias.

It's not just about encrypting. In many cases, there's trust involved
(whether implicit or explicit). e.g., in your scenario of "decrypt and
encrypt" at the server, I should be trusting the server. Is there a
reason for that?  Yes, that could be thing as "better than nothing"..
but at the same time could give a false idea of security and also lead
people that the email content is authentic, where it could have been
maliciously modified at the server.

HTTPS has similar issues (trusting whoever issued the certificate,
trusting servers providing the content, etc.)

> Second, many of my colleagues have asked me to remove their old keys
> from my database, because they have forgotten them, although the PGP
> repository has not. It may be necessary to purge the PGP database,
> obsoleting and removing keys that have been superseded, and advising
> holders of keys that their keys are old and should be updated. I
> actually cannot encrypt to the entire set of keys I downloaded, only
> those whose holders can still decrypt such communications.

In this case, setting the keys to expire at some point when you create
them makes sense.

> Third, I note that when I receive a signed email that has gone
> through an IETF alias, I can no longer verify the signature as a
> result of content modification. What is the value of a signature one
> cannot verify?

I guess this depends on how you're signing. If you do in-line PGP, this
shouldn't be an issue.

Fernando Gont
SI6 Networks
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492