25 November 2013

Email Is Unsecurable

Date: Mon, 25 Nov 2013 09:01:31 +0300
From: ianG <iang[at]iang.org>
To: Ralf Senderek <crypto[at]senderek.ie>, Cryptography <cryptography[at]metzdowd.com>
Subject: [Cryptography] Email is unsecurable

On 23/11/13 15:30 PM, Ralf Senderek wrote:

On Sat, 23 Nov 2013, David Mercer wrote:

But of course you're right about actual current usage, encrypted email is an epic fail on that measure regardless of format/protocol.

-David Mercer

Yes, but it's about time we do something about that. Do we *exactly know why* it is such a failure?

It's an interesting question, and one worth studying for pedagogical motives. From my experiences from both sides, it is clear that both sides failed. But for different reasons.

S/MIME failed because it is an atrocious key management design. Everything about it is designed to rely on certs, and nobody wanted to buy certs, and when you bought them, they didn't work well enough. It's a CA's perfect protocol because it places the cert at the apex of the mission, and a user's nightmare because certs fail too frequently in the aggregate to avoid the curse of K6 -- turn it off, dump it. In practical import (from actual experience), if you had a group of say 12 people with one year certificates, every month some person was failing to communicate because her cert had expired.... Do the math.

PGP failed because it never succeeded in conquering the GUI clients. That was in part because of what PHB [Philip Hallam-Baker] calls the Betamax-VHS war. The providers of the major clients were already in the certificate camp, so they locked out the PGP side. It was beyond the resources of the PGP group to crack that barrier.

If you look at the other big comparison, SSL, it won its early battles against the alternatives in part because one company held the reins, Netscape. They were able to force through their decisions.

But, there are other reasons. If you look at the overall picture, there are many other difficulties.

For example, consider traffic analysis or metadata or mass surveillance -- neither side did anything about that. In fact, they made it worse. Both sides did not encrypt the entire important data, the Subject: being the obvious thing that wasn't encrypted. S/MIME clients made it far worse by insisting that the From: field had to match the certificate used; which made it a *validated surveillance indicator* as opposed to just another input to the spam filter.

Then, look at the design of email. Too many steps, too many processes, too many disjoint systems under too many different RFCs. Difficult.

Then, webmail -- is it encrypted at the server (SSL?) or in the client (c.f. Hushmail). How many other clients, how many gateways, etc.

Then, the assumptions of email. Everyone can send an email, and the cost is zero. Result: spam.

Hence, I've concluded that email is unsecurable. Obviously Jon [Callas, Silent Circle] and PHB and Ladar [Levison, Lavabit] think differently. I applaud their efforts and hope they prove me wrong. But the lessons of Skype and Facebook and Netscape are writ very large -- great security achievements come from 3 party networks, not 4 party networks.

iang

_______________________________________________

The cryptography mailing list
cryptography[at]metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography