Re: [perpass] A proposal for developing PRISM-Proof email

Bjoern Hoehrmann <derhoermi@gmx.net> Sun, 22 September 2013 12:46 UTC

From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Phillip Hallam-Baker <hallam@gmail.com>
Date: Sun, 22 Sep 2013 14:46:18 +0200
Message-ID: <84mt39ljo4sm6p6h9h5o1ker1fgigcdqke@hive.bjoern.hoehrmann.de>
References: <CAMm+Lwj8OSxsLG1yLYwbTaxd4stt=RryvRE2krFkYuUNh8Mu8g@mail.gmail.com>
In-Reply-To: <CAMm+Lwj8OSxsLG1yLYwbTaxd4stt=RryvRE2krFkYuUNh8Mu8g@mail.gmail.com>
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] A proposal for developing PRISM-Proof email

* Phillip Hallam-Baker wrote:
>We need an email security infrastructure and recent events demonstrate that
>the infrastructure we develop needs to be proof against PRISM-class attacks.

>http://www.ietf.org/id/draft-hallambaker-prismproof-dep-00.txt

The document is a bit of a mixed bag mixing analysis, requirements,
proposals, and other things in a manner I find hard to follow. To turn this
a bit around, if I wanted to create a secure email system, the first
thing I would probably think about is scope. You mention "PRISM". If
"PRISM" is some sort of "FAA 702" program, and that law seems to be

  [The] Attorney General and the Director of National Intelligence may
  direct, in writing, an electronic communication service provider to

    (A) immediately provide the Government with all information,
        facilities, or assistance necessary to accomplish the
        acquisition in a manner that will protect the secrecy of
        the acquisition and produce a minimum of interference with
        the services that such electronic communication service
        provider is providing to the target of the acquisition;
    ...

one scenario I would think about is two people with tablet computers that
run the Acme tablet operating system and they are both using the Acme
Web Mail system through the Acme browser and they are connected to the
Internet over Acme Fibre. Now the United States want to read their mails
to determine whether they or their associates need to be brought
freedom and democracy, and they tell Acme to make that happen using the law
above. Is the system supposed to help the two exchange mails securely?

Another scenario is that the supposedly secure email system relies on
personal private long-term cryptographic secrets, and then the system
becomes popular. How long before helpful cloud backup and cross device
synchronisation systems compromise the keys? For that matter, how many
will surrender the keys freely to their web mail system, for spam and
virus checks, or a coupon? On Google's Android system you can get some
cloud backup service, but only if you let Google have all "your" Wi-Fi
passwords (which often aren't yours to share with Google).

I also wonder whether active MITM attacks, where the bits on the wire
are changed, are really much of a concern for such a system, compared
perhaps to mass-scale passive eavesdropping; how important is being
able to find out whether your conversations are being monitored?

Another point is compatibility with the deployed email infrastructure.
It seems rather trivial these days to establish new communication
systems to hundreds of millions of users; it's been done quite a number of
times in recent years. It seems that disregarding the deployed protocol
might make many desirable features available that are difficult to fit
in with the existing system, like encrypting subject headers and local
parts of addresses. Similarly, some features might be easy to let go
of, asynchronous offline delivery for instance is less interesting in
an always-on world.

That is what comes to mind thinking about securing the email system and
it is a bit of a long way from there to issues around web browsers
generating cryptographic certificates or the merits of S/MIME.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/