Encrypted Email Is Still a Pain in 2017 (incoherency.co.uk) 216
Bristol-based software developer James Stanley, who used to work at Netcraft, shares how encrypted emails, something which was first introduced over 25 years ago, is still difficult to setup and use for even reasonably tech savvy people. He says he recently tried to install Enigmail, a Thunderbird add-on, but not only things like GPG, PGP, OpenPGP were -- for no reason -- confusing, Enigmail continues to suffer from a bug that takes forever in generating keys. From his blog post: Encrypted email is nothing new (PGP was initially released in 1991 -- 26 years ago!), but it still has a huge barrier to entry for anyone who isn't already familiar with how to use it. I think my experience would have been better if Enigmail had generated keys out-of-the-box, or if (a.) gpg agreed with Enigmail on nomenclature (is it a secring or a private key?) and (b.) output the paths of the files it had generated. My experience would have been a lot worse had I not been able to call on the help of somebody who already knows how to use it.
mail.app (Score:2, Redundant)
Giving credit where credit is due. mail.app and keychain make it a breeze. You can drag and drop public keys, sign email, use 3rd party sources or generate keys all with a gui that is rather intuitive.
Re: (Score:2)
Of course, since this is in mail.app, which I use constantly, this is the first I've heard about it.
I wonder how many great features in Apple products people miss simply because Apple refuses to provide sensible documentation and instead relies on users to "discover" features organically or via message boards.
-Chris
Re:mail.app (Score:5, Informative)
Re: (Score:2)
This was my first thought when I read the summary as well. S/MIME is even built into the default mail app in iOS... not sure about Android (or any of its manufacturer variants).
The biggest problem with S/MIME is managing the certificates. People generally won't want to deal with having a different private key on every device they use for their email... especially when you consider that doing so would require the sender to sign with the correct public key for the device the recipient wants to read it from. N
Re: (Score:2)
That's not my experience, over the last 15 years where I was required to exchange PKI encrypted emails with both DoD users and other contractors (Fortune 50 company through 1 person security consulting shop). I've had problems setting up/loading certificates, particularly handling root and intermediate certificates (from DoD PKI). When a certificate expires, Mail has real problems with the email. And recently I was sent a short encrypted message where it took order a couple of minutes to decrypt and disp
Re: (Score:2)
Executables for macOS have been called "apps" since System 1 on the 128K Macintosh desktop computer.
"Application" dates to System 0.97 (Score:2)
Finder has always referred to executables as "applications". (Source: any screenshot [wordpress.com] of Finder [appleinsider.com] going back to 0.97 [uwa.edu.au]) This is true in both the user interface and the four-character file type code [wikipedia.org] used in classic Mac OS to identify each file's content type. The file type code for executables is APPL, short for "application".
Do you also require a citation that the use of "app" as short for "application" predates July 2008 when iPhone OS 2 was released?
Re: (Score:2)
App was a short for application, but not often used. And MacOS always called applications applications, which is why apple had no big problem to use App for mobile applications without confusing people.
Re: (Score:2)
Tools and movements (Score:4, Interesting)
Re:Tools and movements (Score:5, Insightful)
Re: (Score:2)
You simply can't have people not do "anything extra" while also being resistance to MitM. Part of HTTPS' success story is that it's easy enough to set up, but at the cost of being extremely vulnerable (by PGP standards) to MitM. So to anyone who knows how it works, it's "insecure" but people actually bother to use it, so it's about a trillion times more secure against totally passive attacks, than plaintext is. Thus, on average for all persons, the web is more secure than email.
PGP email needs some kind of
Only difficult because computer users are idiots (Score:2, Troll)
No. Really.
The average user has difficulty clicking on a UI element that says "Generate key" and figuring out what it does.
Let alone understanding the differences between key types, and why some are better than others. (like why you shouldn't trust the RSA algo.)
Re:Only difficult because computer users are idiot (Score:5, Insightful)
Let alone understanding the differences between key types, and why some are better than others. (like why you shouldn't trust the RSA algo.)
The end user has no need for understanding that. They even shouldn't need to care.
The only way we'll ever see e-mail encryption if it's as transparent as WhatsApp's end-to-end encryption or https transfers. The moment you have to bother the user with manual key management there's an issue. If the user has to choose what key to use, it's a disaster. He shouldn't have to know why to trust or not to trust RSA or other key algorithms. That's for the application writer to figure out, and only offer suitable protocols to begin with. Then why ask the user about different protocols? The developers know more about that, and I trust them to be better suited to make an appropriate choice than me who knows little to nothing about encryption.
I don't know what algorithm WhatsApp uses to encrypt my messages. I can read it, receiver can read it, no-one in between can read it. I'm good. Of course I have to trust WhatsApp to do it properly - I know there are really smart people all the time trying to break these things, and I have yet to hear about this having been broken even partly. That is enough for me as simple end user to get the feeling they've done it well. It's probably breakable, but it's for sure not easy, and they don't bother me with keyrings, secret/public keys, algorithms and other things that I know almost nothing about.
I like computers, have a strong interest in the subject, and I'm sure I know a lot more about all this than the average person. So if e-mail encryption is hard enough to make me not even bother, a lot has to be done to make it usable for the average Joe.
Re: (Score:2)
The subject line's arrogance about non-technical users is the source of much that's wrong with computer security today.
Computer users are not idiots, they just don't have specialized knowledge that specialists have. They should not need to have such specialized knowledge, and they're absolutely right when they think we're nuts for wanting them to obtain that knowledge.
There are many different levels of this particular form of arrogance, too. One of my ambitions is to develop a crypto API which developer
Re: (Score:3)
When the standards for eliptic curve signatures were being developed, the NSA, in response to the submission recommended (without, I believe, much explanation) a slight different set of constants used to define the curves, and those recommendations made it into the standard.
Did they suggest the new constants, because they knew the initially proposed ones had weaknesses? Or because the ones they suggested had properties that would allow the NSA to break those signatures?
Re: (Score:2)
http://crypto.stackexchange.co... [stackexchange.com]
Re: (Score:2, Informative)
Okay.
But the RSA algorithm is not the same as the ECC algorithm and both were designed by different people.
Re: (Score:2)
And ... you mixed up RSA and AES.
RSA just relies on prime factorization being NP-hard and P!=NP.
AES is the encryption with some unknown constants (which are still not proven as dangerous btw.)
So maybe the user is right about not knowing the details of this ... when even you, who are a bit more advanced, get it wrong.
It's a pain because recovery has to be an option (Score:5, Insightful)
People forget things all the time. At some point you are going to forget where or what the key is for your encrypted email, so what to do? Recovery of that key is going to be necessary. Which leads to an entire host of other problems, many of which are security related.
So yeah, until memory becomes infallible we're stuck with encrypted emails having a certain amount of pain that comes along with them.
Re: (Score:2)
a message that can be read by somebody other than the intended recipient, is not worthy of being called secure.
A message that can have the key derived from the data stream is a message that fails to prevent somebody other than the intended recipient from reading it.
The two are mutually exclusive.
Re: (Score:2)
Some big automotive enthusiast forums company got breached and set draconian rules for passwords for the users (who themselves did nothing wrong) as a result. twelve characters, mixed case, numbers, and non-letter-number characters, must be changed monthly. Screw that. I don't need to talk about four by fours enough to bother w
Re: (Score:2)
Hmm, those contraints rather limit the set of possible passwords, thus weakening the security of the system.
Ignoring the 12 character limit, would be better if mixed case, numbers, and non-letter-number characters were ALLOWED, but not required.
As to the character limit, I think I may have used a password that short this decade by personal choice. Maybe. Of course, passwords for websites (online bill pay, that sort of thing) freque
Re: (Score:2)
That is not the pain .
Where I work it is the clueless clients who send us (another company) encrypted emails and then demand an answer ASAP and blame IT when it doesn't work.
Cisco iron mail is horrible! Requires outdated Java and times out on our network. MBAs have no idea the work required. Just to penelize my users if they don't respond ASAP with no warning
Re: (Score:2)
People forget things all the time. At some point you are going to forget where or what the key is for your encrypted email, so what to do?
Use Keepass?
Re: (Score:2)
Why storing it in encrypted form? It only has to be encrypted while in transmission to be secure.
You receive an e-mail, your client automatically decrypts it (of course at some point in time you unlocked the key with a password or so), and then stores it in your local storage unencrypted. You may of course in turn encrypt your hard disk if you want. Same for sent e-mail: the moment you press Send, the client encrypts the mail before delivering it to the SMTP server, and at the same time stores an unencrypt
Re: (Score:2)
This is why I maintain that we need identity/security providers that will manage the keys and encryption schemes for you. The real problems are:
* Slashdot nerds (and the like) get all freaked out about the idea of a 3rd party managing people's keys. In order to be truly secure, it's necessary that only you can ever possibly get access to your keys, which means that you need to manage them yourselves. Therefore, any scheme that requires trusting a 3rd party gets rejected.
* Each vendor/developer wants to
Re: (Score:2)
The average person doesn't think to that level. It appears to be that the reason for lack of adoption is that the average person doesn't know it's a thing, plus it's non-intuitive, and their email providers don't do it for them.
PKI itself is the culprit (Score:4, Interesting)
I've had to mess with PKI encrypted email (as a job requirement) many times over the last 15 years. In my experience, the problem is the underlying PKI support. It's really hard to load & manage certificates, deal with revoked certificates (including preserving emails when a certificate expires), etc. Some of that is, I believe, due to the complexity of PKI itself, and some of it is due to poor (at least from a user experience perspective) support by the OS vendors. Much of my experience is with DoD PKI, including their huge chains of PKI certificate/trust.
If the PKI infrastructure worked well, encrypting/decrypting email should be easy. But if the PKI infrastructure makes it really hard to manage certificates, there's nt a lot the mail user agent can do about that!
Re: (Score:2)
But if the PKI infrastructure makes it really hard to manage certificates, there's not a lot the mail user agent can do about that!
I've been using PKI infrastructure for about as long, and my experience has been very different, even with non-technical users.
I'm curious what issues you're running into that makes it "really hard to manage certificates." Perhaps your definition of difficult differs greatly from mine..
Re: (Score:2)
I could see it being rather difficult to manage certificates if there's no assumed trustworthy central authority to manage them. It's easy for a megacorp to sign their own certs and manage them (and have others accept them), but a small shop or individual would likely run into difficulty somewhere.
Re: (Score:2)
Finding, installing, handling revocations/expiration. Loading parent/certificate chains, -particularly when the certificate chains themselves (root and intermediate) change-. In a perfect world, this would all be handled automagically. But when something goes wrong, figuring out what happened, and then trying to fix it, has been At Least One Bridge Too Far.
Why not encyrpted attachments instead? (Score:2)
Re: (Score:2)
You get a gold star for independently coming up with the industry standard solution!
Encrypting the attachments is exactly what PGP/MIME and S/MIME have done for at least a decade now.
Re: (Score:2)
Needs better mobile (Score:3)
The problem is that most of the public still uses web-based email (GMail, Yahoo, etc) and mobile. Gmail won't support even the most basic of encryption because their entire business model depends on reading other people's emails.
What GMail COULD do is put some sort of header on GPG-signed emails saying that this is certified as from an account.
Re: (Score:2)
Like the author I found Enigmail on Thunderbird to be a pain. The Mailvelope plugin on gmail/Chrome is what I use when I need to use encrypted mail. It's still a bit of a pain, but not too bad.
Re: (Score:2)
What's the problem with that for gmail and other web mail services? In order to present the e-mail in a web page to the user, they have to be able to decrypt it, it's not like that can be done so easily at the user's end in the browser (how to deal with keys etc, when the user switches computers?).
Given up (Score:4, Insightful)
I have given up on GPG. It is a great program and in principle it is all you need. Until you have tried setting it up for your parents, spouse or friends.
It cannot and will not work. It is too complicated. The best solution I have come up with is using tutanota (others exists as well) . It is not perfect, but now must of my family use encryption without really realising it:)
Re: (Score:2)
Can you point me to a trustworthy cert authority? How do I know I can trust them?
Every step is encrypted (Score:2)
Re: (Score:3)
Except the part where it's stored unencrypted on every server during the trip. You don't know how long it stays on the server as there could be a long queue of outgoing mail or the receiver isn't responding. Then it could be caught up on backups. All available to be read unless you have encrypted it yourself.
Re: (Score:2)
Re: (Score:3)
You're talking about transit. Emails in transit may be encrypted but they may not be at the endpoint. It's like entering your bank details into some random site that looks like your bank with only the confidence that you're using HTTPS and without actually knowing if the other party is your bank or not.
Re: (Score:2)
Once that hole is plugged, there won't be a single point where an email isn't encrypted.
In transit perhaps, but not at rest. When your email sits in the inbox (or any folder) on your email provider's server, it is either not encrypted or your provider has the ability to decrypt it. Otherwise your email provider would not be able to display it / transfer it to you. This means that your provider can read your email, they can show it to the government, and if someone hacks your provider, the attackers and read your email as well. Unless you are running your own email server, transport protection
Re: (Score:2)
it is either not encrypted or your provider has the ability to decrypt it.
Lots of providers do encrypt the email at rest. True, the servers will need the data in an unencrypted form at some point to serve you the data, etc. But then that gets down to how much you trust the provider. Don't trust the provider? host your own email server.
Encryption in transit protects you a lot.
Has anyone else tried Virtru? Simple (Score:4, Interesting)
I was sent a message encrypted by https://www.virtru.com/ [virtru.com] and it wasn't a problem to open it on my end, no account required.
I liked the idea and took about 5 minutes to get it setup on my end so I could send encrypted email, too.
It's about the simplest setup I've seen yet, and only downside is a couple of second lag opening an email (time it takes to decrypt)
Re: (Score:2)
>"so I could send encrypted email, too"
But that is not Email. It is web messaging with Email notifications. It requires a third party to be involved. I get that kind of stuff all the time from various sources. If you have to use a web browser, it is not Email.... Just saying.
DuckDuckGo (Score:5, Funny)
The article says "I DuckDuckGo'd for keywords like GPG..."
I feel like the idiom should be "I DuckDuckWent" instead.
Security requires personal attention. (Score:5, Insightful)
Try talking your non-techie friends into a Linux desktop. Even after you show them that the "Start button" is right where they expect it to be, and that the email and browser clients work just like they're used to and that they can do what they've been doing as easily as they've been doing it, there will be concerns. It all falls apart when they say "Can I buy a disk and install my own software?" and you say "No, but here's an easier way to install software from a vast repository of packages", they're done. They don't even ask what's available or how it works, their eyes glaze over and they hold up a CD-ROM of Cute Kitteh Pics and proclaim that they can't live without that version of that software - and it has to look exactly like they expect it to look. Anything else might require their direct attention.
Now, back on subject - you say "encrypt your email". They say, "okay, how?". You install and configure it for them, you make sure they only have to click one button to encrypt any given email. They say "Cool! And my grandma will be able to read this, right?"
You start explaining how this will work. Their eyes glaze over and they say they'd like to encrypt emails to their friends when they discuss their legal but oh-so-risqué lives, but if they can't email grandma it won't work. It's too late to tell them they got it wrong because their eyes have already got that hundred yard stare thing going on. You made somebody think about something and rather than believe they can understand it, they take the easier path of not even trying.
Bottom line - you're not trying to teach a behavior, you're trying to change a behavior. I've go GPG implemented. It's completely unused because nobody I know cares. They're not afraid of the government reading their emails and they accept that Google, Apple and Microsoft won't do anything worse than target advertising at them. Even after I offer to make it one-click convenient for them, most of my associates don't want it.
Re: (Score:2)
" You made somebody think about something and rather than believe they can understand it, they take the easier path of not even trying."
And that, in a nutshell, is what describes people living in their interwebs echo chambers. Their beliefs are easier to understand than someone else's, and they take the easier path of not even trying.
Re: (Score:2)
It all falls apart when they say "Can I buy a disk and install my own software?" and you say "No, but here's an easier way to install software from a vast repository of packages", they're done.
What's in a "package?" Is it ready-to-run? Where do I find clear and detailed product descriptions, reviews and screen shots?
Steam is successful because Valve knows how to sell software on line.
Re: (Score:2)
Re: (Score:2)
you're not trying to teach a behavior, you're trying to change a behavior. I've go GPG implemented. It's completely unused because nobody I know cares.
It's actually worse than that. You're not trying to change your behavior. You're trying to change everyone else's behavior. Your GPG implementation relies on everyone sending emails to you to cooperate.
PGP has pretty much been abandoned (Score:2)
Re: (Score:2)
And that's why Facebook just added support for OpenPGP notifications?
Is this even a need? (Score:2)
So, I'm thinking this through a bit further, and I'm wondering whether encrypted e-mail still makes sense...
How many people actually-communicate via e-mail anymore? Yes, e-mail is still necessary as it's a de facto identification method - virtually every sign-up form uses e-mail addresses in this manner, but it's highly irregular that I send an e-mail to another human after I leave work. Most of that communication takes place via Facebook (known insecure) or WhatsApp/Viber/Kik/Line/BBM/SMS, and most of that
Lack a use case (Score:3)
The general wide spread use of email encryption lacks a use case. The situations where an ordinary person would require encrypted email is incredibly rare and it's most definitely not worth the hassle. Think of the use case for email: You're trying to send a message to someone. Like a letter it could be intercepted and read, but in general it's still just plain text. Like a letter we can take basic precautions such as encrypting attachments or sending separately documents to prevent accidental collection, but fundamentally it is still something that for the most part in general needs to be read.
I personally wouldn't have enabled email encryption if I didn't need to on a very rare occasion have to handle sensitive information, but even then it's simply easier to often send an encrypted attachment.
There are end-to-end messaging apps (Score:2)
Re: (Score:2)
Is there a good reason I should trust the authors of "WhatsApp"? And even if I did trust them, is there any measure of assurance that they couldn't be compelled to give up my data?
accord to the ancients... (Score:2)
...netcraft confirms it!
Sorry. Flashbacks.
Plain English is hard enough, apparently (Score:3)
Bristol-based software developer James Stanley, who used to work at Netcraft, shares how encrypted emails, something which was first introduced over 25 years ago,
Got enough commas in there?
is still difficult
Uh, what? Emails is still difficult?
but not only things like GPG, PGP, OpenPGP were -- for no reason -- confusing
"Not only were things like..." would've been easier to parse, though this is borderline cromulent.
Enigmail continues to suffer from a bug that takes forever in generating keys.
The bug takes forever "in generating" keys?
Look, if English isn't the submitter's first language, that's no big deal. But somebody, somewhere, should be responsible for editing submissions if you want people to actually think you're a professional news aggregator.
Facebook gets it (Score:2)
I have been using GPG since 2003. That means publishing my key and making it available. The only encrypted email I have ever received in all that time is from that bastion of privacy and security.....Facebook! It's like bizarro world.
You are using the wrong encryption format (Score:2)
PGP and OpenPGP are obsolete. You should be using S/MIME - that is where all the work on getting the process right has been going on, and for that protocol the set up is accessible in anything modern.
Maybe it's time to stop teaching e-mail to users (Score:2)
Maybe it's time to stop teaching e-mail to users.
Let's face it, users stop using e-mail anyway. Many apps which required e-mail for signup now work with a phone number alone.
So let's stop forcing e-mail for every bit of communication.
Use XMPP. The user likes the chat interface anyway, encryption with OMEMO (which has forward secrecy, which isn't possible with e-mail) is secure and apps like Conversations work like a charm hiding all the details with a Trust-on-first-use model, which is enough for 99% of the
Title doesn't fit... (Score:2)
Not sure if I'm not getting the entire story here, but how can a guy who tested one method alone (a plugin to boot) can generalize that encrypted email is still a pain?
Encrypted messaging is also a pain if I use only SMS or smoke signals.
I have a Protonmail account. It's encrypted during transit, and completely encrypted from Protonmail to Protonmail account, and it all works seamlessly.
"Bug that takes forever in generating keys" (Score:2)
TFA reads like a classic example of "User refuses to learn to use screwdriver, complains all fasteners are hard to use."
* Author seems to think encryption is a simple magic bullet.
* Author doesn't even bother reading the manual for the tool.
* Author reviews only one tool in a large family of tools, blames the entire family of tools for his own ignorance and incompetence.
* Author doesn't know about the problem space, has expectations that reveal a tragic level of misunderstanding.
The bottom line is encryptio
bullshit (Score:2)
plaintext goes in, cyphertext comes out
cyphertext goes in, plaintext comes out
it even automates the sending to and grabbing from clipboard
encryption is only hard when you use poorly made tools
gaim-encrypt (back before it was pidgin) was easy as shit to use too, it was slow back in the days of sub ghz celerons it could freeze your whole machine and make winamp skip for a moment when a messagecame in, but it was literally easy enough for children to use.
Pen and paper vs the OS? (Score:2)
Take a holiday or sabbatical and give one book to the person you want to communicate with.
Teach that person about the use of a one time pad on paper. Don't encode or decode the message on the computer.
Take up landscape photography. Any digital camera will do.
Include a small banner ad like landscape image with every email.
Learn steganography and hide a short one time pad like message in every small landscape image in every normal email.
Set s
Re:Low Interest In The Public (Score:4, Interesting)
Not only this, but as 'tech savvy' people, I know of only two people using PGP for personal email purposes. I think the future of encrypted email needs to be lead by someone like Google implementing it into gmail by default, generating keys easily for common folk, etc.
Re:Low Interest In The Public (Score:5, Insightful)
Re: (Score:2)
The point being to create enough of a user base for the rest of us to communicate with.
Re: (Score:2)
The concept of using PGP is privacy in your private messages. That concept goes out of the window once google is managing your keys.
Google's end-to-end encryption [github.com] approach relies on a key store in your browser, so Google isn't managing them. The keys could optionally be backed up to Google, but encrypted with a key derived from a passphrase you choose. However, that development effort seems to be stalled (I don't know if it is; I'm just looking at the last-update dates in the Github repo).
I think what might work is for Gmail to offer fully-automatic encryption with Google-handled key management, plus a way for users who want to transi
Re: (Score:2)
perhaps it could be standardized with some automatic key exchange mechanism
And there's your problem, key exchange is the hardest (most expensive at least) part of PKI.
It's a serious weakness in things like Signal, somewhat ameliorated by letting you know someone's key was changed, but unless you're communicating via some other channel while doing the key exchange you can't really know the key is valid.
These key signing parties aren't just an excuse to earn frequent flier miles: https://www.theguardian.com/te... [theguardian.com]
Re: (Score:2)
After the snowden reveal, I switched to it exclusively when communicating with a friend of mine. I use a really strong set of ECDSA keys I generated for us, and physically exchanged in person.
I laugh at the idea of the NSA wasting the CPU cycles needed to decode our harmless exchanges of adorable kitten pics.
Re: (Score:2)
After the snowden reveal, I switched to it exclusively when communicating with a friend of mine.
The NSA is not interested in your cat videos.
Re: (Score:2)
ah, but do they know they're just cat videos?
Re: (Score:2)
Of course they do. The Trojan horse on wierd_w's PC tells them everything.
Re: (Score:3)
After the snowden reveal, I switched to it exclusively when communicating with a friend of mine.
The NSA is not interested in your cat videos.
But if they are encrypted, they don't know they are cat videos. One of the points of encryption, like document shredding is to "do" everything, if you only 'do' the important things the Snoops will know what is important and what isn't. Decrypting, like reassembling shredded documents is very expensive, make them spend on junk mail and cat videos and they won’t be able to afford your important stuff.
Re: (Score:2)
After the snowden reveal, I switched to it exclusively when communicating with a friend of mine.
The NSA is not interested in your cat videos.
That may be...but they'd have to decrypt it first to determine that...
Re: (Score:3)
Having said that, my employer, the Department of Defense, uses Outlook and a card with a chip in it that stores my credentials, and I can encrypt an email simply by clicking on a button.
At my last position, with the Department of Energy, we used Entrust along with Lotus Notes and credentials stored on the chip on our badge. It was very straightforward even for the non-tech-savvy among us.
Re:Low Interest In The Public (Score:4, Interesting)
Rubbish.
Not even the most non-techie user would turn down "encryption" if it was offered.
The real problem is the stupid email software writers who insist on using "certificates", rings of trust, etc. I'm looking at you, PGP.
Secure mass communications doesn't need all that, all they need is a way to exchange keys automatically and a way for people to compare key fingerprints if they suspect a man-in-the-middle. Whatsapp have managed it perfectly.
It only takes a small percentage of the population comparing fingerprints to find out of the NSA is engaged in mass e-mail manipulation. Anybody worried about privacy can simply do the fingerprint check. No certificate authorities to pay, no rings of trust needed.
If I was a conspiracy theorist I might _also_ suspect that the real reason it hasn't been implemented by major players (eg. Microsoft) is because the US government doesn't want them to.
Re: (Score:3)
Rubbish.
Not even the most non-techie user would turn down "encryption" if it was offered.
The real problem is the stupid email software writers who insist on using "certificates", rings of trust, etc. I'm looking at you, PGP.
Secure mass communications doesn't need all that, all they need is a way to exchange keys automatically and a way for people to compare key fingerprints if they suspect a man-in-the-middle. Whatsapp have managed it perfectly.
So really what you're saying is that the whole Web-of-Trust support needs a little more automation...there's lots of public places that can store the public side of a GPG/PGP key that can be easily retrieved. The problem is that many - especially new - PGP/GPG users don't know to use them, or how. If that was automated by Enigmail (and others) then it would just work...though it'd still be best if you exchanged fingerprints in person to verify you got the right key from the keyservers.
Any CA involved is
Re:Low Interest In The Public (Score:5, Insightful)
So really what you're saying is that the whole Web-of-Trust support needs a little more automation
No, he wants to scrap it. Completely. You just automatically swap keys and display it so you could verify it out-of-band or in-band and warn if it changes. And by in-band I mean that if you say something like "middle three of second group is the http code for file not found, please post it back to me" you need an exceptionally good AI or a live agent there to censor/rewrite it on the fly to match the MITM key even if it's technically not secure. Maybe you know each other in real life and you'll compare keys or make a phone call to confirm the code. Maybe you just agree to both tell a third party part of the code, that would still be hell to catch in an automated fashion. Basically, you'll do more if and only if it's important for you.
The point is, your opponent doesn't know if it's important for you. Your opponent doesn't know whether you have verified it. Your opponent doesn't know whether a new key will set off big red flags. You've made the bar to entry so low as possible, for the people who just click yes yes yes to every security dialog it won't really have any security. But if you're doing mass surveillance you don't know who the 99% who won't notice or care and the 1% that will notice and care are. The only way to avoid being caught regularly would be to not do it on a mass scale. And that's the battle we'd like to win. Activists and such that genuinely need a key vetting procedure, third party verifications and all that can still use GPG. But then the other 99% use no encryption at all.
Re: (Score:3)
No, he wants to scrap it. Completely.
He wants to scrap what he doesn't understand.
Nope, I want to scrap it, completely.
There's absolutely no reason for every last email user to be in a ring of trust. We only need a small percentage of people to actually verify their credentials and it's enough to spot of the NSA is playing games with the system.
Again, you demonstrate a lack of understanding how PGP/GPG web-of-trust works.
It doesn't work by trusting everyone. You assign trust on a per-person basis. That trust can extend trust if *you* choose it to.
That is to say, by default Web-of-Trust trusts no one. When you trust Bob you can assign Bob a trust rating - that rating can be "I only trust Bob" (1) or "I'll trust Bob and only those he trusts" (2 = Bob +1), or even further trusts (Bob + bob's trusts + people they trust...). You decide the trust
Re: (Score:2)
I disagree. If it takes one extra tap or mouse click people will call it inferior, they DONT CARE that it's an external problem to the encryption itself, and will just see it as another complicated thing that is a pain in the ass.
Source, former helpdesk tech that answers a few calls still now and again.
Difficult problem (Score:2)
Encrypted email is not âoeuser friendlyâ for the average Joe because for the most part, people arenâ(TM)t interested in it, and so brain-dead easy apps generally have not been developed.
Probably because it's basically impossible to make encryption easy AND simultaneously do it right. It's just not an easy problem. The difficulty is less in the encryption itself (thought that's not trivial) but in key management. It's very difficult to get people to do key management properly. Even tech savvy people have a hard time with it. For the technologically clueless it is simply beyond them. Good luck explaining encryption keys to your grandmother who just wants to see pictures of her grand ki
Re: Low Interest In The Public (Score:2)
Except web mail clients. Which is most people now.
Re: (Score:2)
Why isn't it automated? What's the reason?
Re: (Score:2)
use outlook with s/mime instead, it's a ton easier, although it still does require a bit of knowledge, like clicking "sign" on "encrypt", plus exchanging signed emails ahead of time so outlook can harvest the cert
If you're using Outlook, you're part of the problem.
Outlook and Security are about as opposite as one can get on any kind of scale. Time and time again Microsoft implements a feature, that feature is found to have security issues, so people disable it; so Microsoft creates another feature of the same sort, and the process repeats. Everything you do to make Outlook secure, Microsoft finds a way to break the security.
Examples: Reading Pane vs Auto-Preview - both do the same thing. Both are security issu
Re: (Score:2)
You're about 10 years behind the times.
Re: (Score:2)
I wish people would just let the PGP/GPG dream go. S/MIME is supported by pretty much every serious mail client out there, including mobile ones such as iOS and BlackBerry. The certificates cost next to nothing and most clients automate signing/encrypting decisions. I don't understand why this is not used more broadly. Who doesn't want a cool 'signed' seal next to their email?
Everyone doesn't want a cool signed seal next to their email. That's backwards. I have had colleagues do S/MIME, and then they stopped using it because at the time, Android didn't support S/MIME. As a result I'd get some emails from them with a signed seal, and some without. Did I ever suspect that I wasn't receiving legitimate email from them? Nope. If you are signing with S/MIME and then stop, what happens is that everyone receiving your email thinks "Oh thank God, that stupid ribbon thingie has stopped s
Re: (Score:2)
Doesn't S/MIME kind of depend up on you using only one email client? The client with the certificate. Who uses just one email client these days?
No, that's not the problem. You can spam your certificate to everybody in the World, it's meant for public distribution. The problem is that any mail client that wants to sign your messages or decrypt messages sent to you needs access to your private key. That means you can't use S/MIME or any public key system on a device you don't trust.
Then again, you have no business composing sensitive emails or trusting signatures on a device you don't trust.
Re: (Score:2)
Because using a CA system for E-Mail encryption just gives a loooong list of CAs the chance to fake certificates so an attacker can read the mail. you're no longer defending against one attacker or needing to trust one provider, but you need to trust a list of providers. A list, which is not choosen by you, but by the recipient which is fooled by the attacker. And the usual recipient (probably including you) did not change the list of accepted CAs. So actually the mail client programmer decides who can fake
Re: (Score:3)
And that's somehow worse than the even longer list of people who have the capability to read or modify an unencrypted plain text email? If you're concerned and sufficiently tech savvy you can verify the certificate yourself just like you can do with an HTTPS website.
The CA system is broken, but it's better than nothing.
Re: (Score:2)
It is true that encryption (or at least key management) is hard. In order to get it right, you need to understand how it works. Understanding how things work is a cornerstone of computer science and a required skill set.
Now for people who are not into computer science it would be nice if encryption were easier to use. The challenge is that if you don't manage your ke
Re: (Score:3)
As near as I can figure out he really pissed off because gpg doesn't say
"We're calculating really complex mathematical shit, we're really not frozen."
then
"we're not frozen, just really busy doing computer stuff that's really complicated, so don't start pounding on the keyboard until we tell you to or you'll just screw shit up"."
and finally
"start pounding on the keyboard like a chimpanzee trying to write the complete works of Shakespeare because we need some really random shit"
and use
Re: (Score:2)
Re: (Score:2)
No it isnt.
Use Thunderbird with the Enigmail plugin.
This is still a tech site, right???
First time I really did encrypted email was with Thunderbird and EnigMail. It really isn't difficult - and my compatriots didn't even use the PGP/GPG Key servers that are out there. Apparently TFA can't figure it outs so complains.
Re: (Score:2)
That's not fully true. pgp is a system, which can extend any message system with security. This does not depend on the protocols in any way. SMTP, POP3, IMAP, MIME ... do not care about the message body itself. You can pgp encrypt your facebook message or paste your encrypted message in a pastebin, you can even print it. The medium does not care, as long as you get the ciphertext back into the pgp program.