PGP and email security

Sami
Posts: 6987
Joined: Sat Oct 07, 2006 11:43 am

PGP and email security

Post by Sami » Sat Jan 05, 2008 9:20 pm

In reference to [url=https://www.mywot.com/en/blog/clif-notes-decided-to-dump-siteadvisor-in-favor-of-wot#comment-985]heeger's comment[/url], here's my personal opinion on the subject:

I was a big fan of [url=http://en.wikipedia.org/wiki/Pretty_Good_Privacy]PGP[/url] for almost a decade. However, after doing some research on the problem a few years ago, I'm convinced it isn't the right answer to email security. PGP has been around for over 16 years and it still hasn't seen wide adoption. There are good reasons for this: it's simply too difficult for normal people to use, and even worse, it solves the wrong problem.

Allow me to explain; I want my email to remain confidential and I want to be sure of the sender's identity, just like you. PGP gives me digital signatures for authentication and encryption for protecting confidentiality. One might argue that's enough, but I also want privacy. This is something many security researchers seem eager to forget when dabbling with cryptography, even today.

One problem is that authentication often implies [url=http://en.wikipedia.org/wiki/Non-repudiation]non-repudiation[/url]. This may be desirable when signing contracts, but entails considerable privacy issues for a casual email conversation. Traditional digital signatures leave behind a trail of evidence on anything that was signed. This opens up a possibility of abuse by a malicious recipient or a third party gaining access to the recorded conversation. Without repudiation, private messages can be published and undeniably linked to the sender, thus violating her privacy.

Confidentiality can be preserved with encryption, assuming all parties are able to keep their decryption keys secret. However, if the decryption key falls into the wrong hands, all previous communication can be recovered. Using ephemeral encryption keys that are discarded after use solves this problem by providing [url=http://en.wikipedia.org/wiki/Perfect_forward_secrecy]forward secrecy[/url]. Even if the long-lived key used for authentication is later compromised, nobody can decrypt the recorded communication anymore.

So, cryptographically speaking, PGP gives me authentication and confidentiality, but also forces non-repudiation and fails on forward secrecy. I'm not sure why anyone in their right mind would want that on every email message they send. Still, these problems alone might be acceptable if used carefully, but there are more serious issues that I believe prevent PGP from ever gaining much more popularity.

I'm talking about key management and the usability nightmare it brings to users, of course. I want an easy way to look up anyone's public key. I don't want to examine signatures or compare key fingerprints to determine the key's authenticity. When someone sends me an email, I want to be sure that the key used for authentication is fresh and hasn't been revoked while I wasn't paying attention. I also want to be able to reliably revoke my keys if they get compromised. I want all of this to happen automatically without ever having to lift a finger. In fact, I don't even want to know about these security details, it should all happen silently in the background. This is where PGP fails miserably. Not that [url=http://en.wikipedia.org/wiki/Public_key_infrastructure]the alternatives[/url] with their [url=http://en.wikipedia.org/wiki/Certificate_revocation_list]horribly antiquated key revocation mechanisms[/url] fare much better.

I don't think simply building more awareness is going to make PGP more appealing to the masses unless the obvious flaws are fixed.
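Added example, not part of the original post: a sketch of the two properties the post above says PGP lacks, repudiable authentication (a shared-key MAC instead of a signature) and forward secrecy (message keys derived only from discarded ephemeral secrets). The group parameters, the stand-in cipher and all function names are assumptions made for illustration, and the long-lived identity key that would authenticate the exchange of public values is left out.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, an assumption for illustration only:
# P = 2**255 - 19 is prime but far too small for real finite-field DH.
P = 2**255 - 19
G = 2

def ephemeral_keypair():
    """Fresh secret/public pair, meant to be used for one conversation."""
    secret = secrets.randbelow(P - 3) + 2
    return secret, pow(G, secret, P)

def session_keys(my_secret, their_public):
    """Both sides derive the same (encryption key, MAC key) pair."""
    shared = pow(their_public, my_secret, P).to_bytes(32, "big")
    return (hashlib.sha256(b"enc" + shared).digest(),
            hashlib.sha256(b"mac" + shared).digest())

def _xor_stream(key, data):
    # SHA-256 in counter mode as a stand-in cipher (toy, not for real use).
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def seal(keys, message):
    enc_key, mac_key = keys
    ciphertext = _xor_stream(enc_key, message)
    return ciphertext, hmac.new(mac_key, ciphertext, hashlib.sha256).digest()

def unseal(keys, ciphertext, tag):
    enc_key, mac_key = keys
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(enc_key, ciphertext)

def conversation():
    a_secret, a_public = ephemeral_keypair()   # sender
    b_secret, b_public = ephemeral_keypair()   # recipient
    a_keys = session_keys(a_secret, b_public)
    b_keys = session_keys(b_secret, a_public)
    genuine = seal(a_keys, b"lunch at noon?")
    # Repudiable: the recipient holds the same MAC key, so this forgery
    # verifies exactly like the genuine message and proves nothing to others.
    forged = seal(b_keys, b"text the sender never wrote")
    # Forward secrecy: only the public values and ciphertext are recorded;
    # the secrets and derived keys go out of scope when this returns.
    return (a_public, b_public, genuine), unseal(b_keys, *genuine), unseal(a_keys, *forged)
```

The recipient is still assured of the sender during the conversation, since only the two parties hold the MAC key, but the recorded transcript carries no signature that a third party could verify later.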

heeger
Posts: 7
Joined: Wed Jan 24, 2007 5:53 pm

Healing

Post by heeger » Sun Jan 06, 2008 8:35 am

A very good comment and opinion. Couldn't have said it better...

Additionally, along with building more awareness, I figured that the Web Of Trust as you've implemented it could cross borders with PGP e-mail. Maybe somewhat "healing" as a contributory effort some of these apparent flaws while adding additional trust to the sites and the site operators. In all fairness, I've found that Enigmail for Mozilla Thunderbird has made easier the process of using GPG/PGP.

