eMail Just Not Secure Enough

Sun Nov 16 05:44:00 -0800 2008

Here's an article about presidents and the internet. Supposedly, because of data retention laws and national security, it is near impossible for a modern president to stay connected with email. There are concerns that email protocols are just too vulnerable to interception.

ed.z.: I wonder with the emphasis on blackberries, if this article will give business leaders a little pause as they stare at their own and contemplate a lot of the sensitive information and decisions they transmit. If the POTUS can't be assured of security... where does that leave state of the art? I realize a lot of it is the Presidential Records Act requirements, but that is easily dealt with: don't use email for private matters. It's the security angle I find interesting, that in 2008 it is still so vulnerable that the best, most expensive security on the planet can't deal with it.

eMail Just Not Secure Enough
Sun Nov 16 06:45:05 -0800 2008

What about S/MIME? It's not vulnerable if it's encrypted and signed.

eMail Just Not Secure Enough
Sun Nov 16 06:56:34 -0800 2008

This article makes no sense for a known person like a president with known advisors. We have great authentication and encryption techniques. A mail zone with only white listed people in it each with their own certificate with encryption of all messages, or a web mail system with limited access and actual human gatekeepers to the outside are easily possible. 

This is a relatively small number of people who have the resources for a high staff support system. What kind of mail system would the top people in the executive branch be using according to this article? It certainly wouldn't be one open to anybody in the first place!

eMail Just Not Secure Enough
Sun Nov 16 08:33:06 -0800 2008

This could also be a great "Teaching Moment", which Obama tends to be fond of.

Of course he could get an S/MIME certificate, as someone said, but that's beyond the reach of the run-of-the-mill citizen, unless the government were to push someone (I favor banks - they already have my personal information - and money.) to become S/MIME providers to the masses.

So without an S/MIME push it's down to PGP/GPG and the Web of Trust. Obviously his key would be on whitehouse.gov, but there could be pointers to sites explaining everything about email encryption, signatures, etc. He doesn't need to do it, and neither do the people. But we can be made aware, and just maybe more people would do it.

Heck, maybe I would even do it.  I'm fully gpg-equipped, but I don't really have gpg-equipped people to talk to.  It's kind of a pain to sign messages, when I feel like nobody is checking, anyway.

eMail Just Not Secure Enough
Sun Nov 16 10:33:50 -0800 2008

About 15 years ago I got excited about encryption, installed PGP in my mail client, signed my messages. Never found a single person who reciprocated. Didn't bother to reinstall it next time I upgraded my PC.

The pres though could certainly make it happen. But the White House using PGP? Zimmermann would have a belly laugh about that.

eMail Just Not Secure Enough
Sun Nov 16 11:05:17 -0800 2008

Right now it's PGP or S/MIME, and there just isn't any sort of infrastructure in place for "S/MIME for the masses."  I have my own pet peeve that banks should be in the S/MIME distribution business.  Part of a good certificate is verification of identity, and 3 agencies really, really "know" who I am - the federal government, the state government, and the place where I keep my money.  Of the 3, and with that "keep it in the private sector where appropriate," mentality, that leaves identity up to the banks.

But then again, there are problems with putting S/MIME into the hands of the masses. Giving out an S/MIME certificate might tend to impart more trust to computer transactions, and at that point we come to the fact that most peoples' computer security stinks. With S/MIME for the masses, identity problems would likely get worse, because it wouldn't be well protected, and others would be more inclined to trust.

eMail Just Not Secure Enough
Sun Nov 16 16:13:47 -0800 2008

> But then again, there are problems with putting S/MIME into the hands of the masses.

mmmm ... revocation would become very very important

eMail Just Not Secure Enough
Sun Nov 16 19:14:09 -0800 2008

With mass distribution, I think knowing when to revoke would be the much bigger problem than just having the mechanism.  The mechanisms are in place today, though propagating that knowledge may be problematic.  But how long might compromised keys continue to be used by "good ol' Joe?"

S/MIME certificates and usage
Mon Nov 17 07:17:11 -0800 2008

All our ID cards over here in Belgium carry a government signed certificate for such purposes (including filling in a yearly tax report via internet and age verification checks on child chat rooms).

Every citizen is obliged to have and carry such an electronic ID card by now. (I don't want to get started on that subject.)

You need a card reader to be able to extract the certificate (20 euro or so). No big deal there. The readers are available and many people know how to use them as indicated by the number of electronic tax reports this year.

You also need to know how to use it in a mail client. This is rather straightforward but it is another small hurdle to take.

Setting up a mail client to check the signature on a mail is another hurdle.

Wanting to sign email and wanting to verify the signature on incoming mail is another hurdle. This seems the biggest one to me.

I still haven't seen a signed email yet. Maybe the spam rate needs to go way up before S/MIME sees some actual use.

S/MIME certificates and usage
Mon Nov 17 07:59:05 -0800 2008

Now we get to the reason I prefer banks over government as holder of certificates.  If the government holds the certificate, it's an "in-house" transaction to gain access to my private key.  It doesn't matter if that transaction is illegal or not, it's still "in-house" and easier to do in an undocumented fashion.  If the bank holds my certificate, it becomes an out-of-house transaction, so there's no undocumented path.  It becomes a matter for a search warrant, court action, and a clear documented path.

Next part I don't like... any stranger who even temporarily gains physical access to your ID card and has a card reader readily available can have a copy of your certificate.

Is there another check on that certificate?  Something you know?  Something else you have?  Etc...

S/MIME certificates and usage
Mon Nov 17 11:19:00 -0800 2008

"If the government holds the certificate, it's an "in-house" transaction to gain access to my private key. "

There's more to it than that. The cert is issued by a government sanctioned private company, but not by the government as such. In addition, there is supposedly only one copy of the key: the one on the ID card (barring the copies the citizens create themselves). If one is truly paranoid, one could question that, but that is an argument that goes both ways: how would you be sure your bank doesn't hold a copy and gives it out without your consent?

"Next part I don't like... any stranger who even temporarily gains physical access to your ID card and has a card reader readily available can have a copy of your certificate."

Not really... you need the PIN too, and you only get 3 attempts.

Did I mention that there exist several toolkits and tools to access the card and the data on it? All of them are open source, and yes, they also work on Linux. At least someone spent a good deal of thought on this.