Re: [perpass] A proposal for developing PRISM-Proof email
ned+perpass@mrochek.com Wed, 25 September 2013 02:15 UTC
Return-Path: <ned+perpass@mrochek.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E151411E819F for <perpass@ietfa.amsl.com>; Tue, 24 Sep 2013 19:15:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1BCezXltYHJS for <perpass@ietfa.amsl.com>; Tue, 24 Sep 2013 19:15:15 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id 8293D11E81A3 for <perpass@ietf.org>; Tue, 24 Sep 2013 19:15:13 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OYT4J42SCW0047RH@mauve.mrochek.com> for perpass@ietf.org; Tue, 24 Sep 2013 19:10:11 -0700 (PDT)
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset="iso-8859-1"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OYSWEERTPS00004S@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for perpass@ietf.org; Tue, 24 Sep 2013 19:10:08 -0700 (PDT)
From: ned+perpass@mrochek.com
Message-id: <01OYT4J2OJ3600004S@mauve.mrochek.com>
Date: Tue, 24 Sep 2013 16:23:09 -0700
In-reply-to: "Your message dated Tue, 24 Sep 2013 14:49:12 +0200" <m60349lsaabup1es6nepsnf3r9kp96dkpf@hive.bjoern.hoehrmann.de>
References: <CAMm+Lwj8OSxsLG1yLYwbTaxd4stt=RryvRE2krFkYuUNh8Mu8g@mail.gmail.com> <84mt39ljo4sm6p6h9h5o1ker1fgigcdqke@hive.bjoern.hoehrmann.de> <84mt39ljo4sm6p6h9h5o1ker1fgigcdqke@hive.bjoern.hoehrmann.d> <e@missing-host.mrochek.com> <6.2.5.6.2.20130923234903.0c854c78@resistor.net> <m60349lsaabup1es6nepsnf3r9kp96dkpf@hive.bjoern.hoehrmann.de>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
Cc: SM <sm@resistor.net>, perpass@ietf.org
Subject: Re: [perpass] A proposal for developing PRISM-Proof email
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Sep 2013 02:15:21 -0000
> * SM wrote: > >At 05:46 22-09-2013, Bjoern Hoehrmann wrote: > >>Another scenario is that the supposedly secure email system relies on > >>personal private long-term cryptographic secrets, and then the system > >>becomes popular. How long before helpful cloud backup and cross device > >>synchronisation systems compromise the keys? For that matter, how many > >>will surrender the keys freely to their web mail system, for spam and > >>virus checks, or a coupon? On Google's Android system you can get some > >>cloud backup service, but only if you let Google have all "your" Wi-Fi > >>passwords (which often aren't yours to share with Google). > > > >I'll comment on a part of the above only. The receiver no longer has > >the ability to perform spam and virus verifications when the message > >(body) is encrypted. The receiver can ask the users for their keys > >to perform those verifications. That is already done in unrelated > >scenarios and some of the users hand over their passwords [1]. > Whoever is meant to read the message can perform, and ask others to > perform, spam and virus checks as they see fit, with little need to > reveal much about the message to third parties (by employing fully > homomorphic encryption, generating noise, pulling blacklists in full > instead of pushing specific items to a third party to check whether > they are on the blacklist, for instance) and the ability to do so > selectively (mails from people I have had a lot of contact with in > the past do not need to be checked for spam, while I might not mind > if strangers have to jump through extra hoops to send confidential > mails to me). That's not on the path of least resistance, of course. OK... So I believe the goal here to make it harder if not impossible to perform widespread surveilance on and interception of Internet traffic. In the case of email, meeting that goal with end-to-end encryption mechanisms like S/MIME or PGP is necessarily going to mean having a nonnegligable amount of email traffic encrypted. The minute that happens spammers are going to join the party in a big way precisely because of the ability this confers to get past transport-side content inspection and filtering. State of the art AS/AV vendors employ honeypots and other forms of feedback to rapidly generate rules, patterns, hashes, and other information, which is then rapidly distributed to filtering systems attached to vast numbers of ingress MTAs operated by their customers. Some of this filtering is done on the basis of IP addresses, envelope, or outer header information, but a lot of it depends on content analysis - analysis that will be blocked by encryption. Even so, nasty stuff still makes it through, so vendors also implement various schemes to "undeliver" mail containing malware that was only detected after the fact. These mechanisms are if anything even more dependent on content analysis than ingress filtering is. It follows that one effect of the widespread use of end-to-end encryption will be an *enormous* increase in the amount of spam and malware that can't be blocked at the transport layer and will end up getting delivered to user mailboxes. Irrespective of what happens to this email after delivery, it's going to represent a significant cost increase to ISPs and MSPs. Any plan to significantly increase the use of end-to-end encryption is going to have to address this issue. And as for what happens to spam and malware-laden email after delivery, one reason that things have shifted to a centralized scanning approach is it's been shown over and over and over again that end users cannot be relied upon to perform this sort of filtering themselves. So this is another issue that is going to have to be addressed - how filtering can done reliably at this stage. For better or worse, while the IETF has been spending time holding PGP key signing parties and designers the S/MIME extension du jour, the ISPs and MSPs have been busy building a vast infrastructure used by hundreds of millions if not billions of people that is heavily dependent on the *lack* of widespread use of end-to-end encryption. (The need for content analysis by AS/AV mechanisms is only one example of this; there are many others.) Any halfway realistic plan to deploy end-to-end encryption at Internet scale is going to have deal with the totality of contemporary email services and usage in addition to solving the myriad problems surrounding key/certificate distribution and management as well as UI issues. (As if the latter weren't difficult enough.) Finally, the desire to address the surveilance/intercept problem may be so strong that people may be tempted to dismiss these sorts of issues as "someone else's problem". So let me close by noting that quite a lot of spam originates from infected PCs, and is done by sending those messages using whatever submission mechanism that user uses, borrowing their credentials in the process. And if those credentials include a private key, that's going to be borrowed as well. Anything that increases the rate at which malware makes it to end user mail accounts is going to increase the rate of infection, and that in turn is going to compromise the integrity of the end-to-end security system you're trying to deploy. Ned
- [perpass] A proposal for developing PRISM-Proof e… Phillip Hallam-Baker
- Re: [perpass] A proposal for developing PRISM-Pro… Bjoern Hoehrmann
- Re: [perpass] A proposal for developing PRISM-Pro… Adam Caudill
- Re: [perpass] A proposal for developing PRISM-Pro… Leif Johansson
- Re: [perpass] A proposal for developing PRISM-Pro… Jon Callas
- Re: [perpass] A proposal for developing PRISM-Pro… Phillip Hallam-Baker
- Re: [perpass] A proposal for developing PRISM-Pro… Scott Brim
- Re: [perpass] A proposal for developing PRISM-Pro… Leif Johansson
- Re: [perpass] A proposal for developing PRISM-Pro… Paul Kyzivat
- Re: [perpass] A proposal for developing PRISM-Pro… SM
- Re: [perpass] A proposal for developing PRISM-Pro… Bjoern Hoehrmann
- Re: [perpass] A proposal for developing PRISM-Pro… ned+perpass
- Re: [perpass] A proposal for developing PRISM-Pro… Mike Demmers
- Re: [perpass] A proposal for developing PRISM-Pro… Stephen Farrell
- Re: [perpass] A proposal for developing PRISM-Pro… Randy Bush
- Re: [perpass] A proposal for developing PRISM-Pro… Dave Crocker
- Re: [perpass] A proposal for developing PRISM-Pro… Phillip Hallam-Baker
- Re: [perpass] A proposal for developing PRISM-Pro… Carl Wallace
- Re: [perpass] A proposal for developing PRISM-Pro… Phillip Hallam-Baker
- Re: [perpass] A proposal for developing PRISM-Pro… Carl Wallace
- Re: [perpass] A proposal for developing PRISM-Pro… Phillip Hallam-Baker
- Re: [perpass] A proposal for developing PRISM-Pro… Mike Demmers
- Re: [perpass] A proposal for developing PRISM-Pro… Bjoern Hoehrmann
- Re: [perpass] A proposal for developing PRISM-Pro… Mike Demmers
- Re: [perpass] A proposal for developing PRISM-Pro… Bjoern Hoehrmann
- Re: [perpass] A proposal for developing PRISM-Pro… Mike Demmers
- Re: [perpass] A proposal for developing PRISM-Pro… Leo Vegoda
- Re: [perpass] A proposal for developing PRISM-Pro… Mike Demmers
- Re: [perpass] A proposal for developing PRISM-Pro… Leo Vegoda
- Re: [perpass] A proposal for developing PRISM-Pro… Mike Demmers
- Re: [perpass] A proposal for developing PRISM-Pro… Leo Vegoda
- Re: [perpass] A proposal for developing PRISM-Pro… Stephen Farrell
- Re: [perpass] A proposal for developing PRISM-Pro… Mike Demmers
- Re: [perpass] A proposal for developing PRISM-Pro… Mike Demmers
- Re: [perpass] A proposal for developing PRISM-Pro… Elijah Sparrow
- Re: [perpass] A proposal for developing PRISM-Pro… Phillip Hallam-Baker
- Re: [perpass] A proposal for developing PRISM-Pro… Richard Shockey